Detection of error condition without proper action in msm_ds2_dap_param_visualizer_control_get() (CVE-2016-5853)
Release Date:
April 17, 2017
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2017-00024-1
CVE ID(s):
CVE-2016-5853
Summary:
The following security vulnerabilities have been identified:
CVE-2016-5853: The function msm_ds2_dap_param_visualizer_control_get() implements a sanity check that verifies the length value is in the correct range. When the length value is not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value.
Access Vector: Local
Security Risk: Medium
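The error-handling flaw described in the summary, modelled as an added example (not the driver's code and not the CAF patch). `VIS_MAX_LEN`, `struct vis_state`, `get_flawed`, `get_fixed` and `leaked` are hypothetical names, and the copy of adjacent bytes is an assumed consequence chosen for illustration, since the advisory does not state how the length value is used.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define VIS_MAX_LEN 8 /* constructed limit, not the driver's real value */
/* Constructed driver state: 'adjacent' must never reach the caller. */
struct vis_state {
    unsigned char data[VIS_MAX_LEN];
    unsigned char adjacent[VIS_MAX_LEN];
};
typedef int (*vis_get_fn)(const struct vis_state *, unsigned, unsigned char *);

/* Flawed pattern: the range check fires and logs, then falls through. */
int get_flawed(const struct vis_state *s, unsigned len, unsigned char *out)
{
    if (len > VIS_MAX_LEN)
        fprintf(stderr, "flawed: length %u out of range\n", len);
    memcpy(out, s, len); /* demo keeps len <= sizeof(*s), so no UB here */
    return 0;
}

/* Corrected pattern: detecting the bad length also rejects the request. */
int get_fixed(const struct vis_state *s, unsigned len, unsigned char *out)
{
    if (len > VIS_MAX_LEN) {
        fprintf(stderr, "fixed: length %u out of range\n", len);
        return -EINVAL;
    }
    memcpy(out, s->data, len);
    return 0;
}

/* Runs one handler; counts bytes of 'adjacent' that reached the caller. */
int leaked(vis_get_fn get, unsigned len)
{
    struct vis_state s;
    unsigned char out[sizeof(s)] = {0};
    int n = 0;
    memset(&s, 0xAA, sizeof(s)); /* constructed contents, all non-zero */
    get(&s, len, out);
    for (size_t i = VIS_MAX_LEN; i < sizeof(out); i++)
        n += (out[i] != 0);
    return n;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", leaked(get_flawed, 16), leaked(get_fixed, 16));
    return 0;
}
```

Both handlers emit the same log line for an out-of-range length; only the return path differs, which is why a log-based review alone would not distinguish them.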
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
CVE-2016-5853:
- https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=e879fc7eca7e3ba0ab9dcf24d2f717e49718a01e
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=49d27afe9a76273e0d5314cf9241d1d1c3561d13
- https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks Seven Shen (Trend Micro Mobile Threat Research Team) for bringing this issue to QuIC’s attention.
Revisions:
Initial revision