CVE-2016-3907

Published: 25 November 2016

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30593266. References: Qualcomm QC-CR#1054352.

Notes

Author	Note
sbeattie	Qualcomm specific driver, code not present upstream

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
android Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Not vulnerable (code not present)
	zesty	Not vulnerable (code not present)
linux Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Not vulnerable (code not present)
	zesty	Not vulnerable (code not present)
linux-armadaxp Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
	This package is not directly supported by the Ubuntu Security Team
linux-aws Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Does not exist
	zesty	Does not exist
linux-flo Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Needs triage
	xenial	Ignored (abandoned)
	yakkety	Ignored (end of life)
	zesty	Does not exist
linux-gke Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Does not exist
	zesty	Does not exist
linux-goldfish Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Not vulnerable (code not present)
	zesty	Not vulnerable (code not present)
linux-grouper Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Does not exist
	zesty	Does not exist
linux-hwe-edge Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Does not exist
	zesty	Does not exist
linux-linaro-omap Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-linaro-shared Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-linaro-vexpress Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-quantal Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
	This package is not directly supported by the Ubuntu Security Team
linux-lts-raring Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-saucy Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
	This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end of standard support])
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-vivid Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-wily Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored [end of standard support])
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Not vulnerable (code not present)
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-maguro Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-mako Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Needs triage
	xenial	Ignored (abandoned)
	yakkety	Ignored (end of life)
	zesty	Does not exist
linux-manta Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-qcm-msm Launchpad, Ubuntu, Debian	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
linux-raspi2 Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Not vulnerable (code not present)
	zesty	Not vulnerable (code not present)
linux-snapdragon Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Not vulnerable (code not present)
	yakkety	Not vulnerable (code not present)
	zesty	Not vulnerable (code not present)
linux-ti-omap4 Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Not vulnerable (code not present)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›