Buffer Overflow in MSM Thermal Driver Allows Privilege Escalation (CVE-2016-2411)

Release Date: April 20, 2016
Advisory ID: QCIR-2016-00007-1
Summary: 

CVE-2016-2411:
When processing the MSM_THERMAL_GET_CLUSTER_FREQUENCY_PLAN or MSM_THERMAL_GET_CLUSTER_VOLTAGE_PLAN ioctls, a cluster ID greater than the number of possible CPUs results in the use of an out-of-range pointer offset.

Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-823 (Use of Out-of-range Pointer Offset)
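
The range check that this class of bug (CWE-823) calls for, shown as an added user-space C model. It is not the driver's code or the vendor's patch. All names (`get_cluster_freq_plan`, `plans`, `NUM_POSSIBLE_CPUS`, `MAX_PLAN_ENTRIES`) and the table values are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_POSSIBLE_CPUS 4   /* assumed; stands in for the kernel's CPU count */
#define MAX_PLAN_ENTRIES  8   /* assumed upper bound on entries per plan */

/* Hypothetical per-cluster table; the sample values are constructed. */
struct cluster_plan {
    uint32_t entries;
    uint32_t freq_khz[MAX_PLAN_ENTRIES];
};

static const struct cluster_plan plans[NUM_POSSIBLE_CPUS] = {
    { 3, { 300000, 800000, 1200000 } },
    { 2, { 400000, 1500000 } },
    { 0, { 0 } },
    { 0, { 0 } },
};

/*
 * Copies the plan for cluster_id into out. Returns the number of entries
 * copied, or a negative errno. cluster_id is caller-controlled (it arrives
 * in the ioctl argument), so it is range-checked before it is ever used
 * to form a pointer into plans[].
 */
int get_cluster_freq_plan(int64_t cluster_id, uint32_t *out, size_t out_len)
{
    const struct cluster_plan *p;

    /* Reject negative values and anything at or past the end of the table.
     * Using >= rather than > closes the off-by-one at cluster_id == size. */
    if (cluster_id < 0 || cluster_id >= NUM_POSSIBLE_CPUS)
        return -EINVAL;

    p = &plans[cluster_id];           /* index is now known to be in range */
    if (p->entries == 0)
        return -ENOENT;               /* no plan recorded for this cluster */
    if (out == NULL || out_len < p->entries)
        return -ENOSPC;               /* caller's buffer cannot hold the plan */

    memcpy(out, p->freq_khz, p->entries * sizeof(out[0]));
    return (int)p->entries;
}
```
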

Affected versions
All Android releases from CAF using the Linux kernel.

Acknowledgement: 

Please reference Google's April 2016 Nexus Security Advisory. This issue is ANDROID-26866053.

Revisions: 

Initial revision

Contact: security-advisory@quicinc.com