Buffer Overflow Vulnerability in msm_compr_ioctl_shared (CVE-2016-3866)

Release Date:

August 15, 2016

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2016-00033-1

CVE ID(s):

CVE-2016-3866

Summary:

The following security vulnerabilities have been identified in QuIC-authored Audio code. CVE-2016-3866 While parsing codec parameters (received through msm_compr_ioctl_shared), the param_length size is not checked due to removal of an initialization, leading to a possible buffer overflow.

Access Vector: Local

Security Risk: High

Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

• CVE-2016-3866: https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=5180cefe0eeb6f3e6e0c4967652facd20f07c20c

Note

This issue will be published in the upcoming Android Security Bulletin.

Acknowledgement:

We thank the Google Android Security Team for bringing this issue to our attention. This issue was reported to the Google Android Security Team by Gengjia Chen (@chengjia4574) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com