1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Candidate: CVE-2016-2417
PublicDate: 2016-04-17
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2417
https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84
http://source.android.com/security/bulletin/2016-04-02.html
Description:
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x
before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not
initialize a parameter data structure, which allows attackers to obtain
sensitive information from process memory, and consequently bypass an
unspecified protection mechanism, via unspecified vectors, as demonstrated
by obtaining Signature or SignatureOrSystem access, aka internal bug
26914474.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: James Forshaw
Assigned-to:
Patches_android:
upstream_android: released (6.x 2016-04-01)
precise_android: DNE
precise/esm_android: DNE
trusty_android: needed
vivid/stable-phone-overlay_android: ignored (reached end-of-life)
vivid/ubuntu-core_android: DNE
wily_android: ignored (reached end-of-life)
xenial_android: needed
yakkety_android: ignored (reached end-of-life)
zesty_android: needed
devel_android: needed
|