ID

VAR-201611-0121


CVE

CVE-2016-6728


TITLE

Android of kernel ION Elevation of privilege vulnerability in subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2016-006002

DESCRIPTION

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. GoogleNexus5X and so on are all smart devices from Google. kernelION is one of the kernel memory management subsystems. Google Android is prone to multiple remote privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-30400942 and A-30928456

Trust: 2.52

sources: NVD: CVE-2016-6728 // JVNDB: JVNDB-2016-006002 // CNVD: CNVD-2016-11151 // BID: 94202 // VULMON: CVE-2016-6728

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11151

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope: - version: -

Trust: 1.2

vendor:googlemodel:androidscope:lteversion:7.1.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:android one devicesscope: - version: -

Trust: 0.6

vendor:googlemodel:android(on nexusscope:eqversion:5)

Trust: 0.6

vendor:googlemodel:android(on nexusscope:eqversion:5x)

Trust: 0.6

vendor:googlemodel:pixel cscope: - version: -

Trust: 0.6

vendor:googlemodel:android(on nexusscope:eqversion:6)

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-11151 // BID: 94202 // JVNDB: JVNDB-2016-006002 // CNNVD: CNNVD-201611-288 // NVD: CVE-2016-6728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6728
value: HIGH

Trust: 1.0

NVD: CVE-2016-6728
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11151
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-288
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-6728
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6728
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11151
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-6728
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11151 // VULMON: CVE-2016-6728 // JVNDB: JVNDB-2016-006002 // CNNVD: CNNVD-201611-288 // NVD: CVE-2016-6728

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006002 // NVD: CVE-2016-6728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-288

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006002

PATCH

title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 0.8

title:Patches for various Google products kernelION subsystem privilege escalation vulnerability (CNVD-2016-11151)url:https://www.cnvd.org.cn/patchInfo/show/83932

Trust: 0.6

title:Multiple Google product kernel ION Repair measures for subsystem escalation vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65657

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60

Trust: 0.1

title:hardware-attacks-state-of-the-arturl:https://github.com/codexlynx/hardware-attacks-state-of-the-art

Trust: 0.1

title:Threatposturl:https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/

Trust: 0.1

sources: CNVD: CNVD-2016-11151 // VULMON: CVE-2016-6728 // JVNDB: JVNDB-2016-006002 // CNNVD: CNNVD-201611-288

EXTERNAL IDS

db:NVDid:CVE-2016-6728

Trust: 3.4

db:BIDid:94202

Trust: 2.6

db:JVNDBid:JVNDB-2016-006002

Trust: 0.8

db:CNVDid:CNVD-2016-11151

Trust: 0.6

db:CNNVDid:CNNVD-201611-288

Trust: 0.6

db:VULMONid:CVE-2016-6728

Trust: 0.1

sources: CNVD: CNVD-2016-11151 // VULMON: CVE-2016-6728 // BID: 94202 // JVNDB: JVNDB-2016-006002 // CNNVD: CNNVD-201611-288 // NVD: CVE-2016-6728

REFERENCES

url:http://www.securityfocus.com/bid/94202

Trust: 2.4

url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6728

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6728

Trust: 0.8

url:http://www.android.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/rowhammer-vulnerability-comes-to-android/121480/

Trust: 0.1

sources: CNVD: CNVD-2016-11151 // VULMON: CVE-2016-6728 // BID: 94202 // JVNDB: JVNDB-2016-006002 // CNNVD: CNNVD-201611-288 // NVD: CVE-2016-6728

CREDITS

Yanick Fratantonio, Martina Lindorfer, and Giovanni Vigna of University of California, Santa Barbara, and Billy Lau of Android Security

Trust: 0.9

sources: BID: 94202 // CNNVD: CNNVD-201611-288

SOURCES

db:CNVDid:CNVD-2016-11151
db:VULMONid:CVE-2016-6728
db:BIDid:94202
db:JVNDBid:JVNDB-2016-006002
db:CNNVDid:CNNVD-201611-288
db:NVDid:CVE-2016-6728

LAST UPDATE DATE

2024-11-23T22:01:22.634000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11151date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6728date:2016-11-28T00:00:00
db:BIDid:94202date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-006002date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-288date:2016-11-29T00:00:00
db:NVDid:CVE-2016-6728date:2024-11-21T02:56:42.830

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11151date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6728date:2016-11-25T00:00:00
db:BIDid:94202date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-006002date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-288date:2016-11-15T00:00:00
db:NVDid:CVE-2016-6728date:2016-11-25T16:59:30.083