Integer Overflow in MDSS Driver (CVE-2016-5344)

Release Date:

August 23, 2016

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2016-00031-1

CVE ID(s):

CVE-2016-5344

Summary:

Out-of-bounds access in the layer list in rotator and async update in MDSS software due to improper input validation. If a large size is passed in, the size value overflows, allocating a too-small buffer that is later accessed out of bounds.

Access Vector: Local
Security Risk: Medium
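
The overflow class described in the summary, shown as an added example that is not the MDSS driver's code: an unchecked 32-bit size calculation beside a bounded, overflow-checked one. The structure, the `MAX_LAYERS` limit and all function names are hypothetical and chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 32-byte layer descriptor; not the MDSS driver's real layout. */
struct layer_desc {
    uint32_t flags, buf_id;
    uint32_t src_x, src_y, src_w, src_h;
    uint32_t dst_w, dst_h;
};
_Static_assert(sizeof(struct layer_desc) == 32, "example assumes 32 bytes");

#define MAX_LAYERS 32u /* assumed upper bound, chosen for this example */

/* Vulnerable pattern: the 32-bit product wraps for a large count. */
static uint32_t list_bytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct layer_desc);
}

/* Hardened: bound the count, then prove the product fits. 0 on success. */
static int list_bytes_checked(uint32_t count, size_t *out)
{
    if (count == 0 || count > MAX_LAYERS)
        return -1;
    if (count > SIZE_MAX / sizeof(struct layer_desc))
        return -1;
    *out = (size_t)count * sizeof(struct layer_desc);
    return 0;
}

/* Allocate a zeroed list only when the requested size was validated. */
static struct layer_desc *alloc_layer_list(uint32_t count)
{
    size_t bytes;
    if (list_bytes_checked(count, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t count = 0x08000001u; /* constructed caller-supplied count */
    printf("unchecked: %u layers -> %u bytes\n", count, list_bytes_unchecked(count));
    printf("checked:   %s\n", alloc_layer_list(count) ? "allocated" : "rejected");
    return 0;
}
```

In Linux kernel code, `kcalloc()` applies the same multiplication check before allocating.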

Affected Versions:

All Android releases from CAF using the following heads: KitKat, Lollipop, Marshmallow

Patch:

We advise customers to apply the following patches:

Individual Patches
CVE-2016-5344

Acknowledgement:

We thank Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 for bringing this issue to our attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com