Elevation of Privilege Vulnerability in the Performance Module (CVE-2016-0843)
Release Date:
May 27, 2016
Affected Projects:
Advisory ID:
QCIR-2016-000011-1
CVE ID(s):
Summary:
CVE-2016-0843 A user space program can write in the data area of the kernel due to a missing index check in the MSM performance event manager, allowing an elevation of privileges.
Access Vector: Local
Security Risk: High
Access Vector: Local
Affected Versions:
All Android releases from CAF using the Performance Component.
Patch:
We advise customers to apply the following patches:
Individual Patches
Note
This issue has been published in the Nexus Security Bulletin – April 2016 (https://source.android.com/security/bulletin/2016-04-02.html)
Acknowledgement:
This issue was reported to Google by a security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.
Revisions:
Initial revision