Out of range pointer offset in __qseecom_send_modfd_resp (CVE-2016-3931)
Release Date:
October 3, 2016
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2016-00045-1
CVE ID(s):
Summary:
The following security vulnerabilities have been identified:
CVE-2016-3931: The resp_len and resp_buf_ptr of qseecom_send_modfd_listener_resp are not checked, so if a userspace application sets resp_len to be larger than the buffer size, a write occurs outside the buffer.
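The kind of validation the summary says was missing, as an added example (not code from this advisory or from the QuIC patch). The struct layouts, the function names `resp_in_bounds` and `patch_field`, and the `offset` parameter are hypothetical stand-ins for the driver's own types; only `resp_buf_ptr` and `resp_len` come from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of a listener's registered shared buffer. */
struct shared_buf {
    uintptr_t base;   /* start address of the registered region */
    size_t    size;   /* length of the registered region in bytes */
};

/* Hypothetical model of the userspace-controlled response fields. */
struct modfd_resp {
    uintptr_t resp_buf_ptr;  /* caller-supplied response address */
    size_t    resp_len;      /* caller-supplied response length */
};

/* True only if [resp_buf_ptr, resp_buf_ptr + resp_len) lies inside the
 * registered region. Uses subtraction rather than addition so that a
 * huge resp_len cannot wrap the address arithmetic. */
bool resp_in_bounds(const struct shared_buf *sb, const struct modfd_resp *r)
{
    if (r->resp_buf_ptr == 0 || r->resp_len == 0)
        return false;
    if (r->resp_buf_ptr < sb->base)
        return false;
    size_t start = (size_t)(r->resp_buf_ptr - sb->base);
    if (start > sb->size)
        return false;
    return r->resp_len <= sb->size - start;
}

/* Write a 32-bit value at `offset` inside the response, refusing any
 * offset that would land outside the validated response.
 * Returns 0 on success, -1 on rejection. */
int patch_field(const struct shared_buf *sb, const struct modfd_resp *r,
                size_t offset, uint32_t value)
{
    if (!resp_in_bounds(sb, r))
        return -1;
    if (r->resp_len < sizeof(value) || offset > r->resp_len - sizeof(value))
        return -1;
    memcpy((void *)(r->resp_buf_ptr + offset), &value, sizeof(value));
    return 0;
}
```

Both checks run before any write, so an oversized `resp_len` or a `resp_buf_ptr` outside the registered region is rejected instead of being used as a write target.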
Access Vector: Local
Security Risk: High
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
- CVE-2016-3931:
Acknowledgement:
This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention. We also thank Seven Shen from Trend Micro Mobile Threat Research Team who discovered the issue independently.
Revisions:
Initial