Buffer overflow in Adreno GPU MSM Driver (CVE-2016-2062)
Release Date:
April 28, 2016
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2016-00004-1
CVE ID(s):
Summary:
The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. The overflow stems from an incorrect conversion to a signed type when calculating the minimum count value for the query option. As a result, a negative integer is used to calculate the size of the buffer, which can lead to an integer overflow and a small allocation on 32-bit systems.
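The arithmetic described in the summary, as an added example that is not the driver's code or the advisory's patch: a simplified model with hypothetical function names and a constructed 4-byte entry size, where uint32_t stands in for a 32-bit size_t. The checked variant is one way to avoid the wrap, shown as an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed value: bytes per counter entry in this model. */
#define ENTRY_SIZE 4u

/* Flawed pattern: the minimum is taken on signed values, so a request with
 * the top bit set compares as negative and wins. Returns the byte size a
 * 32-bit kernel would pass to the allocator (uint32_t models size_t). */
static uint32_t alloc_size_flawed(uint32_t user_count, uint32_t hw_count)
{
    int a = (int)user_count;             /* incorrect signed conversion */
    int b = (int)hw_count;
    int count = a < b ? a : b;           /* negative for huge requests */
    return (uint32_t)count * ENTRY_SIZE; /* multiplication wraps mod 2^32 */
}

/* Checked pattern (an assumption, not the advisory's patch): unsigned
 * minimum plus an explicit overflow test. Returns 0 when rejected. */
static uint32_t alloc_size_checked(uint32_t user_count, uint32_t hw_count)
{
    uint32_t count = user_count < hw_count ? user_count : hw_count;
    if (count == 0 || count > UINT32_MAX / ENTRY_SIZE)
        return 0;
    return count * ENTRY_SIZE;
}

int main(void)
{
    uint32_t hw = 16u;                   /* constructed: counters available */
    uint32_t req = 0x80000001u;          /* constructed: oversized request */
    printf("flawed : %u bytes\n", (unsigned)alloc_size_flawed(req, hw));
    printf("checked: %u bytes\n", (unsigned)alloc_size_checked(req, hw));
    return 0;
}
```

In the flawed variant the allocation size collapses to a few bytes while the element count remains very large, which is the mismatch that produces the heap overflow; the checked variant clamps the request to the available count before any size is computed.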
Access Vector: Local
Security Risk: High
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks Ben Hawkes of Google Project Zero for reporting the related issues and working with QuIC to help improve Android device security.
Revisions:
Initial revision