Buffer Overflow Vulnerability in msm_compr_ioctl_shared (CVE-2016-3866)
Release Date:
August 15, 2016
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2016-00033-1
CVE ID(s):
CVE-2016-3866
Summary:
The following security vulnerabilities have been identified in QuIC-authored Audio code.
CVE-2016-3866: While parsing codec parameters (received through msm_compr_ioctl_shared), the param_length size is not checked due to removal of an initialization, leading to a possible buffer overflow.
Access Vector: Local
Security Risk: High
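The kind of check the summary describes as missing, shown as an added example that is not the driver's code or the referenced patch: a parser that validates an untrusted param_length against both the destination buffer and the bytes actually supplied before it copies. The struct layouts, MAX_PARAM_BYTES and parse_codec_param are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PARAM_BYTES 64u  /* assumed capacity of the driver-side buffer */

/* Hypothetical layout: caller-controlled header, then the payload bytes. */
struct codec_param_hdr {
    uint32_t param_id;
    uint32_t param_length;   /* payload size in bytes; untrusted */
};

struct codec_state {
    uint32_t param_id;
    uint32_t used;           /* written on every successful parse */
    uint8_t  params[MAX_PARAM_BYTES];
};

/* Returns 0 on success, -EINVAL if the declared length cannot be honoured. */
int parse_codec_param(struct codec_state *st, const uint8_t *in, size_t in_len)
{
    struct codec_param_hdr hdr;

    if (st == NULL || in == NULL || in_len < sizeof(hdr))
        return -EINVAL;
    memcpy(&hdr, in, sizeof(hdr));   /* copy out; input may be unaligned */

    /* Destination bound: compared with the array's own size, so the check
     * does not rely on a limit variable being initialized elsewhere. */
    if (hdr.param_length > sizeof(st->params))
        return -EINVAL;
    /* Source bound: in_len >= sizeof(hdr) here, so this cannot wrap. */
    if (hdr.param_length > in_len - sizeof(hdr))
        return -EINVAL;
    memcpy(st->params, in + sizeof(hdr), hdr.param_length);
    st->param_id = hdr.param_id;
    st->used = hdr.param_length;
    return 0;
}

int main(void)
{
    /* Constructed input: header declares 200 bytes, only 4 follow. */
    uint8_t msg[sizeof(struct codec_param_hdr) + 4] = {0};
    struct codec_param_hdr hdr = { 1u, 200u };
    struct codec_state st;
    memcpy(msg, &hdr, sizeof(hdr));
    return parse_codec_param(&st, msg, sizeof(msg)) == -EINVAL ? 0 : 1;
}
```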
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
- CVE-2016-3866: https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=5180cefe0eeb6f3e6e0c4967652facd20f07c20c
Note
This issue will be published in the upcoming Android Security Bulletin.
Acknowledgement:
We thank the Google Android Security Team for bringing this issue to our attention. This issue was reported to the Google Android Security Team by Gengjia Chen (@chengjia4574) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360.
Revisions:
Initial revision
Contact:
security-advisory@quicinc.com