ByteOS Network

NVD Vulnerability Details :

CVE-2016-2068

Deferred

Source-cve@mitre.org

Published At-11 Jul, 2016 | 01:59

Updated At-12 Apr, 2025 | 10:46

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Google LLC

>>android>>Versions up to 6.0.1(inclusive)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>Versions from 3.0(inclusive) to 3.19.8(inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://source.android.com/security/bulletin/2016-07-01.html	cve@mitre.org	Patch Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00	cve@mitre.org	Mailing List Patch Third Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83	cve@mitre.org	Mailing List Patch Third Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6	cve@mitre.org	Mailing List Patch Third Party Advisory
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0	cve@mitre.org	Broken Link
http://source.android.com/security/bulletin/2016-07-01.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01ee86da5a0cd788f134e360e2be517ef52b6b00	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=9900650540c889f761d102202bc80306ae80ab83	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=2c04c0dab66013b7dfbe4d5a523c2c1d6b5b11d6	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch Third Party Advisory
https://www.codeaurora.org/multiple-vulnerabilities-msm-qdsp6-audio-driver-allow-kernel-memory-corruption-cve-2016-2068-0	af854a3a-2127-422b-91ae-364da2661108	Broken Link

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History