Elevation of Privilege Vulnerability in Qualcomm Performance Module (CVE-2016-0805)
Release Date:
April 20, 2016
Affected Projects:
Android for MSMFirefox OS for MSMQRD Android
Advisory ID:
QCIR-2016-00005-1
CVE ID(s):
Summary:
CVE-2016-0805: When processing the __NR_perf_event_open system call, if bits 12-15 of the config parameter are 0x1, 0x2, or 0x3, a buffer overflow occurs.
Access Vector: Local
Security Risk: High
Access Vector: Local
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Acknowledgement:
Please reference Google's February 2016 Nexus Security Advisory. This issue is ANDROID-25773204.
Revisions:
Initial revision