Skip to main content

Buffer overflow in Adreno GPU MSM Driver (CVE­-2016-­2062)

Release Date:

April 28, 2016

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:


CVE ID(s):



The Adreno GPU driver for the MSM Linux kernel contains a heap overflow in the IOCTL_KGSL_PERFCOUNTER_QUERY ioctl command. This results from an incorrect conversion to a signed type when calculating the minimum count value for the query option. This results in a negative integer being used to calculate the size of the buffer, which can result in an integer overflow and a small sized allocation on 32bit systems.

Access Vector: Local
Security Risk: High
Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.


We advise customers to apply the following patches:

Individual Patches




Qualcomm Innovation Center, Inc. (QuIC) thanks Ben Hawkes of Google Project Zero for reporting the related issues and working with QuIC to help improve Android device security.


Initial revision