Buffer overflow in Adreno GPU MSM Driver (CVE-2016-2062)

Release Date:

April 28, 2016

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2016-00004-1

CVE ID(s):

CVE-2016-2062

Summary:

The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The overflow stems from an incorrect conversion to a signed type when calculating the minimum count value for the query option. As a result, a negative integer is used to calculate the size of the buffer, which can cause an integer overflow and an undersized allocation on 32-bit systems.
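The bug class described in the summary, shown as an added example that is not the driver's code or the QuIC patch. The function names, the element size and the sample counts are hypothetical, and `uint32_t` stands in for `size_t` on a 32-bit kernel.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model; uint32_t stands in for size_t on a 32-bit kernel. */
#define ELEM_SIZE ((uint32_t)sizeof(uint32_t))

/* Flawed pattern: the minimum is computed after converting to a signed type. */
static uint32_t query_alloc_size_flawed(uint32_t group_count, uint32_t user_count)
{
    int32_t a = (int32_t)group_count;
    int32_t b = (int32_t)user_count;  /* values >= 0x80000000 turn negative */
    int32_t n = a < b ? a : b;        /* the negative value wins the minimum */
    return (uint32_t)n * ELEM_SIZE;   /* product wraps modulo 2^32 */
}

/* Hardened pattern: unsigned minimum, then reject sizes that cannot be represented.
 * Returns 0 and stores the size on success, -1 on overflow. */
static int query_alloc_size_checked(uint32_t group_count, uint32_t user_count,
                                    uint32_t *size_out)
{
    uint32_t n = group_count < user_count ? group_count : user_count;
    if (n > UINT32_MAX / ELEM_SIZE)
        return -1;
    *size_out = n * ELEM_SIZE;
    return 0;
}

int main(void)
{
    uint32_t group_count = 16;          /* constructed sample value */
    uint32_t user_count = 0x80000001u;  /* constructed caller-supplied count */
    uint32_t size = 0;

    printf("flawed size:  %u bytes\n", (unsigned)query_alloc_size_flawed(group_count, user_count));
    if (query_alloc_size_checked(group_count, user_count, &size) == 0)
        printf("checked size: %u bytes\n", (unsigned)size);
    return 0;
}
```

With the flawed pattern the computed size is 4 bytes even though the count was meant to be capped at 16 entries; the checked version clamps to 16 entries and 64 bytes.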

Access Vector: Local
Security Risk: High

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

Acknowledgement:

Qualcomm Innovation Center, Inc. (QuIC) thanks Ben Hawkes of Google Project Zero for reporting the related issues and working with QuIC to help improve Android device security.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com