Buffer Overflow in IPA Driver Allows Local Privilege Elevation (CVE-2016-0844)

Release Date: 
April 1, 2016
Advisory ID: 
QCIR-2016-00002-1
Summary: 

CVE-2016-0844:
When adding more than ten multiplexer channels through ipa_wwan_ioctl, a buffer overflow occurs.

Access Vector: Local
Security Risk: High
Vulnerability: CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))

Affected versions
All Android releases from CAF using the Linux kernel.

Acknowledgement: 

Qualcomm Innovation Center, Inc. (QuIC) thanks Gengjia Chen (@chengjia4574), pjf (weibo.com/jfpan), and Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360, for reporting the issue and working with QuIC to help improve Android device security.

Revisions: 

Initial revision

Contact: 
security-advisory@quicinc.com