
Elevation of Privilege Vulnerability in Performance Module (CVE-2016-3768)

Release Date:

July 6, 2016

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:


CVE ID(s):

CVE-2016-3768

The following security vulnerabilities have been identified in the QuIC-authored KGSL Linux Graphics Module.

CVE-2016-3768

When a performance event in the off state is enabled multiple times, it gets duplicated. After removal, some duplicated entries remain, leading to a possible use after free in the kernel.
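A simplified model of the defect described above, added here as an illustration and not taken from the QuIC patch or the affected driver. The array-backed list and the names `event_enable`, `event_remove` and `leftover_refs` are assumptions; the code shows how a repeated enable leaves entries behind after a single removal, and how an idempotent enable prevents it.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_ACTIVE 8

/* Simplified model (assumption): an event and the list of enabled events. */
struct event { int id; bool on_list; };
struct active_list { struct event *slot[MAX_ACTIVE]; size_t n; };

/* Enable an event. Without the guard every call appends, so enabling the
 * same event twice duplicates its entry; with it, enable is idempotent. */
static void event_enable(struct active_list *l, struct event *e, bool guarded)
{
    if (l->n >= MAX_ACTIVE || (guarded && e->on_list))
        return;
    e->on_list = true;
    l->slot[l->n++] = e;
}

/* Removal that unlinks one entry, as teardown would for a single enable. */
static void event_remove(struct active_list *l, struct event *e)
{
    for (size_t i = 0; i < l->n; i++) {
        if (l->slot[i] != e)
            continue;
        for (size_t j = i + 1; j < l->n; j++)
            l->slot[j - 1] = l->slot[j];
        l->n--;
        e->on_list = false;
        return;
    }
}

/* Enable `times` times, remove once, and count entries that still point at
 * the event. Each one would dangle as soon as the event is freed. */
static size_t leftover_refs(bool guarded, int times)
{
    struct active_list l = { { NULL }, 0 };
    struct event e = { 1, false };
    size_t left = 0;

    for (int i = 0; i < times; i++)
        event_enable(&l, &e, guarded);
    event_remove(&l, &e);
    for (size_t i = 0; i < l.n; i++)
        left += (l.slot[i] == &e);
    return left;
}
```

When reviewing similar enable/disable paths, check that list insertion is conditioned on the object's current state and that teardown cannot leave a second reference behind.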

Access Vector: Local
Security Risk: High

Affected Versions:

All Android releases from CAF using the Linux kernel.


We advise customers to apply the following patch:

Individual Patch

Note: This issue is also described in the Android Public Security Bulletin for July 2016.


This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.


Initial revision