Invalid Path Check on ashmem Memory File (CVE-2016-5340)

Release Date:

July 28, 2016

Affected Projects:

Android for MSM Firefox OS for MSM QRD Android

Advisory ID:

QCIR-2016-00027-1

CVE ID(s):

CVE-2016-5340

Summary:

The following security vulnerabilities have been identified in QuIC-authored KGSL Linux Graphics Module. CVE-2016-5340 Invalid access to ashmem area in cases where someone deliberately set the dentry name to /ashmem

Access Vector: Local

Security Risk: High

Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

CVE-2016-5340:
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6

Acknowledgement:

Qualcomm Innovation Center, Inc. (QuIC) thanks Adam Donenfeld et al. (Check Point Software Technologies Ltd.) for reporting these issues and working with QuIC to help improve the security of QuIC products.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com