ByteOS Network

Vulnerability Details :

CVE-2016-5856

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-12 Apr, 2017 | 22:00

Updated At-06 Aug, 2024 | 01:15

Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:12 Apr, 2017 | 22:00

Updated At:06 Aug, 2024 | 01:15

▼CVE Numbering Authority (CNA)

Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://source.android.com/security/bulletin/2017-03-01	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037968	vdb-entry x_refsource_SECTRACK
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368	x_refsource_CONFIRM

Hyperlink: https://source.android.com/security/bulletin/2017-03-01

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securitytracker.com/id/1037968

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://source.android.com/security/bulletin/2017-03-01	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1037968	vdb-entry x_refsource_SECTRACK x_transferred
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368	x_refsource_CONFIRM x_transferred

Hyperlink: https://source.android.com/security/bulletin/2017-03-01

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securitytracker.com/id/1037968

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:12 Apr, 2017 | 22:59

Updated At:20 Apr, 2025 | 01:37

Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.6

Base severity: HIGH

Vector:

AV:N/AC:H/Au:N/C:C/I:C/A:C

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>4.3.6

cpe:2.3:o:linux:linux_kernel:4.3.6:*:*:*:*:*:*:*

Google LLC

>>android>>Versions up to 6.0.1(inclusive)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securitytracker.com/id/1037968	cve@mitre.org	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-03-01	cve@mitre.org	Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368	cve@mitre.org	Issue Tracking Patch Third Party Advisory
http://www.securitytracker.com/id/1037968	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-03-01	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Patch Third Party Advisory

Hyperlink: http://www.securitytracker.com/id/1037968

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://source.android.com/security/bulletin/2017-03-01

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368

Source: cve@mitre.org

Resource:

Issue Tracking

Patch

Third Party Advisory

Hyperlink: http://www.securitytracker.com/id/1037968

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://source.android.com/security/bulletin/2017-03-01

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Issue Tracking

Patch

Third Party Advisory

Similar CVEs

205Records found

CVE-2016-8457

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7||HIGH

EPSS-0.17% / 38.75%

7 Day CHG~0.00%

Published-12 Jan, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.

Vendor-Google LLC Linux Kernel Organization, Inc

Product-linux_kernel Android

CVE-2016-8421

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7||HIGH

EPSS-0.13% / 32.28%

7 Day CHG~0.00%

Published-08 Feb, 2017 | 15:00

Updated-20 Apr, 2025 | 01:37

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.

Vendor-Google LLC Linux Kernel Organization, Inc

Product-linux_kernel android Android

CVE-2016-8435

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7||HIGH

EPSS-0.18% / 40.14%

7 Day CHG~0.00%

Published-12 Jan, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435.

Vendor-Google LLC Linux Kernel Organization, Inc

Product-linux_kernel Android

CWE ID-CWE-284

Improper Access Control

CVE-2016-8454

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7||HIGH

EPSS-0.23% / 45.34%

7 Day CHG~0.00%

Published-12 Jan, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

Vendor-n/a Linux Kernel Organization, Inc

Product-linux_kernel Android Kernel-3.10 Kernel-3.18

CVE-2019-2008

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

View Details

Matching Score-8

Assigner-Android (associated with Google Inc. or Open Handset Alliance)

CVSS Score-7.5||HIGH

EPSS-0.11% / 30.04%

7 Day CHG~0.00%

Published-19 Jun, 2019 | 19:56

Updated-04 Aug, 2024 | 18:35

In createEffect of AudioFlinger.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-122309228

Vendor-n/a Google LLC

Product-android Android

CWE ID-CWE-787

Out-of-bounds Write

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2016-5856

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs