ID

VAR-201608-0172


CVE

CVE-2016-3843


TITLE

Android Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004253

DESCRIPTION

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. Google Nexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus has a privilege elevation vulnerability that could allow an attacker to execute arbitrary code using elevated kernel-wide permissions. Google Android is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to gain elevated privileges within the context of the affected application. These issues are being tracked by Android Bug IDs A-29119870 and A-28086229.

Trust: 2.79

sources: NVD: CVE-2016-3843 // JVNDB: JVNDB-2016-004253 // CNVD: CNVD-2016-06076 // BID: 92237 // BID: 92250 // VULMON: CVE-2016-3843

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06076

AFFECTED PRODUCTS

vendor: google, model: android, scope: lte, version: 6.0.1

Trust: 1.0

vendor: google, model: android, scope: eq, version: 6.0.1

Trust: 0.9

vendor: google, model: android, scope: eq, version: 2016-08-05

Trust: 0.8

vendor: google, model: nexus, scope: -, version: -

Trust: 0.6

vendor: google, model: nexus 6p, scope: -, version: -

Trust: 0.6

vendor: google, model: nexus, scope: eq, version: 5x

Trust: 0.6

vendor: google, model: pixel c, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus player, scope: eq, version: 0

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 9

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 7

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 6

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5

Trust: 0.3

vendor: google, model: android one, scope: eq, version: 0

Trust: 0.3

vendor: google, model: android, scope: eq, version: 6.0

Trust: 0.3

vendor: google, model: android, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-06076 // BID: 92237 // BID: 92250 // JVNDB: JVNDB-2016-004253 // CNNVD: CNNVD-201608-029 // NVD: CVE-2016-3843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3843
value: HIGH

Trust: 1.0

NVD: CVE-2016-3843
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06076
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201608-029
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-3843
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-3843
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-06076
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-3843
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06076 // VULMON: CVE-2016-3843 // JVNDB: JVNDB-2016-004253 // CNNVD: CNNVD-201608-029 // NVD: CVE-2016-3843

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-004253 // NVD: CVE-2016-3843

THREAT TYPE

network

Trust: 0.6

sources: BID: 92237 // BID: 92250

TYPE

Unknown

Trust: 0.6

sources: BID: 92237 // BID: 92250

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004253

PATCH

title: Android Security Bulletin-August 2016
url: http://source.android.com/security/bulletin/2016-08-01.html

Trust: 0.8

title: Patch for GoogleNexus privilege escalation vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/80123

Trust: 0.6

title: Android Kernel Performance Subsystem Repair measures for privilege escalation
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63419

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—August 2016
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86

Trust: 0.1

sources: CNVD: CNVD-2016-06076 // VULMON: CVE-2016-3843 // JVNDB: JVNDB-2016-004253 // CNNVD: CNNVD-201608-029

EXTERNAL IDS

db: NVD, id: CVE-2016-3843

Trust: 3.7

db: BID, id: 92250

Trust: 2.0

db: BID, id: 92237

Trust: 1.4

db: JVNDB, id: JVNDB-2016-004253

Trust: 0.8

db: CNVD, id: CNVD-2016-06076

Trust: 0.6

db: AUSCERT, id: ESB-2016.1866

Trust: 0.6

db: CNNVD, id: CNNVD-201608-029

Trust: 0.6

db: VULMON, id: CVE-2016-3843

Trust: 0.1

sources: CNVD: CNVD-2016-06076 // VULMON: CVE-2016-3843 // BID: 92237 // BID: 92250 // JVNDB: JVNDB-2016-004253 // CNNVD: CNNVD-201608-029 // NVD: CVE-2016-3843

REFERENCES

url:http://source.android.com/security/bulletin/2016-08-01.html

Trust: 2.4

url:http://www.securityfocus.com/bid/92250

Trust: 1.7

url:http://www.securityfocus.com/bid/92237

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3843

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3843

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.6

url:http://www.auscert.org.au/./render.html?it=37318

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-06076 // VULMON: CVE-2016-3843 // BID: 92237 // BID: 92250 // JVNDB: JVNDB-2016-004253 // CNNVD: CNNVD-201608-029 // NVD: CVE-2016-3843

CREDITS

Wish Wu (@wish_wu) of Trend Micro Inc

Trust: 0.3

sources: BID: 92237

SOURCES

db: CNVD, id: CNVD-2016-06076
db: VULMON, id: CVE-2016-3843
db: BID, id: 92237
db: BID, id: 92250
db: JVNDB, id: JVNDB-2016-004253
db: CNNVD, id: CNNVD-201608-029
db: NVD, id: CVE-2016-3843

LAST UPDATE DATE

2024-11-23T19:32:57.901000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-06076, date: 2016-08-05T00:00:00
db: VULMON, id: CVE-2016-3843, date: 2016-11-28T00:00:00
db: BID, id: 92237, date: 2016-08-01T00:00:00
db: BID, id: 92250, date: 2016-08-01T00:00:00
db: JVNDB, id: JVNDB-2016-004253, date: 2016-08-12T00:00:00
db: CNNVD, id: CNNVD-201608-029, date: 2016-08-10T00:00:00
db: NVD, id: CVE-2016-3843, date: 2024-11-21T02:50:46.847

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-06076, date: 2016-08-05T00:00:00
db: VULMON, id: CVE-2016-3843, date: 2016-08-05T00:00:00
db: BID, id: 92237, date: 2016-08-01T00:00:00
db: BID, id: 92250, date: 2016-08-01T00:00:00
db: JVNDB, id: JVNDB-2016-004253, date: 2016-08-12T00:00:00
db: CNNVD, id: CNNVD-201608-029, date: 2016-08-03T00:00:00
db: NVD, id: CVE-2016-3843, date: 2016-08-05T20:59:34