CVE-2016-3859
https://notcve.org/view.php?id=CVE-2016-3859
The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641. El controlador de la cámara Qualcomm en Android en versiones anteriores a 2016-09-05 en dispositivos Nexus 5, 5X, 6 y 6P permite a atacantes obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como error interno de Android 28815326 y error interno de Qualcomm CR1034641. • http://source.android.com/security/bulletin/2016-09-01.html http://www.securityfocus.com/bid/92877 http://www.securitytracker.com/id/1036763 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-5344
https://notcve.org/view.php?id=CVE-2016-5344
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. Múltiples desbordamientos de entero en el controlador MDSS para el kernel 3.x de Linux, tal como se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de gran tamaño, relacionado con mdss_compat_utils.c, mdss_fb.c y mdss_rotator.c. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92695 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7 https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-5342
https://notcve.org/view.php?id=CVE-2016-5342
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. Desbordamiento de búfer basado en memoria dinámica en la función wcnss_wlan_write en drivers/net/wireless/wcnss/wcnss_wlan.c en el controlador de dispositivo wcnss_wlan para el kernel 3.x de Linux, según se utiliza en contribuciones Qualcomm Innovation Center (QuIC) Android para dispositivos MSM y otros productos, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado escribiendo a /dev/wcnss_wlan con una cantidad de datos inesperada. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92693 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=579e796cb089324c55e0e689a180575ba81b23d9 https://www.codeaurora.org/buffer-overflow-vulnerability-wcnsswlanwrite-cve-2016-5342 • CWE-787: Out-of-bounds Write •
CVE-2016-5340
https://notcve.org/view.php?id=CVE-2016-5340
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. La función is_ashmem_file en drivers/staging/android/ashmem.c en un cierto parche Qualcomm Innovation Center (QuIC) Android para el kernel de Linux 3.x no maneja adecuadamente validación de puntero dentro de KGSL Linux Graphics Module, lo que permite a atacantes eludir restricciones de acceso intencionadas usando la cadena /ashmem como el nombre dentry. • http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/92374 http://www.securitytracker.com/id/1036763 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6 https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340 • CWE-20: Improper Input Validation •
CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 http://rhn.redhat.com/errata/RHSA-2016-1631.html http://rhn.redhat.com/errata/RHSA-2016-1632.html http://rhn.redhat.com/errata/RHSA-2016-1633.html http://rhn.redhat.com/errata/RHSA-2016-1657.html http://rhn.redhat.com/errata/RHSA-2016-1664.html http://rhn.redhat.com/errata/RHSA-2016-1814.html http://rhn.redhat.com/errata/RHSA-2016-1815.html http://rhn. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •