Elevation of Privilege Vulnerability in Qualcomm Performance Module (CVE-2016-0805)

Release Date:

April 20, 2016

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2016-00005-1

CVE ID(s):

CVE-2016-0805

Summary:

CVE-2016-0805: When processing the __NR_perf_event_open system call, if bits 12-15 of the config parameter are 0x1, 0x2, or 0x3, a buffer overflow occurs.

Access Vector: Local
Security Risk: High
Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:
Acknowledgement:

Please reference Google's February 2016 Nexus Security Advisory. This issue is ANDROID-25773204.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com