CVE-2016-0807

Published: 7 February 2016

The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.

Priority

Cvss 3 Severity Score

8.4

Score breakdown

Status

Package	Release	Status
android Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Does not exist (trusty was ignored)
	upstream	Needs triage
	wily	Ignored
	xenial	Ignored
	yakkety	Ignored
	zesty	Ignored

Severity score breakdown

Parameter	Value
Base score	8.4
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120
http://source.android.com/security/bulletin/2016-02-01.html
https://www.cve.org/CVERecord?id=CVE-2016-0807
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›