ID

VAR-201611-0132


CVE

CVE-2016-6739


TITLE

Android of Qualcomm Elevation of privilege vulnerability in camera drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006006

DESCRIPTION

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. QualcommCameraDriver is one of the high-performance camera drivers. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-30074605, A-30143904 and A-30559423

Trust: 2.52

sources: NVD: CVE-2016-6739 // JVNDB: JVNDB-2016-006006 // CNVD: CNVD-2016-11134 // BID: 94142 // VULMON: CVE-2016-6739

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11134

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope:lteversion:7.1.0

Trust: 1.0

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.9

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.9

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

sources: CNVD: CNVD-2016-11134 // BID: 94142 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6739
value: HIGH

Trust: 1.0

NVD: CVE-2016-6739
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11134
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-246
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-6739
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6739
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11134
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-6739
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11134 // VULMON: CVE-2016-6739 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006006 // NVD: CVE-2016-6739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-246

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006006

PATCH

title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 0.8

title:Patch for GoogleNexusQualcommCameraDriver privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/83979

Trust: 0.6

title:Google Android Qualcomm Camera Driver privilege vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65615

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60

Trust: 0.1

sources: CNVD: CNVD-2016-11134 // VULMON: CVE-2016-6739 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246

EXTERNAL IDS

db:NVDid:CVE-2016-6739

Trust: 3.4

db:BIDid:94142

Trust: 2.6

db:JVNDBid:JVNDB-2016-006006

Trust: 0.8

db:CNVDid:CNVD-2016-11134

Trust: 0.6

db:CNNVDid:CNNVD-201611-246

Trust: 0.6

db:VULMONid:CVE-2016-6739

Trust: 0.1

sources: CNVD: CNVD-2016-11134 // VULMON: CVE-2016-6739 // BID: 94142 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

REFERENCES

url:http://www.securityfocus.com/bid/94142

Trust: 2.4

url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6739

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6739

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:https://developers.google.com/android/nexus/images

Trust: 0.3

url:https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=d291eebd8e43bba3229ae7ef9146a132894dc293

Trust: 0.3

url:https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-11134 // VULMON: CVE-2016-6739 // BID: 94142 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

CREDITS

Jianqiang Zhao (@jianqiangzhao) ,pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd and Gengjia Chen (@chengjia4574)

Trust: 0.9

sources: BID: 94142 // CNNVD: CNNVD-201611-246

SOURCES

db:CNVDid:CNVD-2016-11134
db:VULMONid:CVE-2016-6739
db:BIDid:94142
db:JVNDBid:JVNDB-2016-006006
db:CNNVDid:CNNVD-201611-246
db:NVDid:CVE-2016-6739

LAST UPDATE DATE

2024-08-14T14:13:42.617000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11134date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6739date:2016-11-28T00:00:00
db:BIDid:94142date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-006006date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-246date:2016-11-29T00:00:00
db:NVDid:CVE-2016-6739date:2016-11-28T20:34:58.293

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11134date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6739date:2016-11-25T00:00:00
db:BIDid:94142date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-006006date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-246date:2016-11-15T00:00:00
db:NVDid:CVE-2016-6739date:2016-11-25T16:59:42.147