Sign-up

ID

VAR-201611-0132


CVE

CVE-2016-6739


TITLE

Android of Qualcomm Elevation of privilege vulnerability in camera drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006006

DESCRIPTION

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. QualcommCameraDriver is one of the high-performance camera drivers. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-30074605, A-30143904 and A-30559423

Trust: 2.52

sources: NVD: CVE-2016-6739 // JVNDB: JVNDB-2016-006006 // CNVD: CNVD-2016-11134 // BID: 94142 // VULMON: CVE-2016-6739

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11134

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope:lteversion:7.1.0

Trust: 1.0

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.9

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.9

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

sources: CNVD: CNVD-2016-11134 // BID: 94142 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6739
value: HIGH

Trust: 1.0

NVD: CVE-2016-6739
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11134
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-246
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-6739
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6739
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11134
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-6739
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11134 // VULMON: CVE-2016-6739 // JVNDB: JVNDB-2016-006006 // CNNVD: CNNVD-201611-246 // NVD: CVE-2016-6739

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006006 // NVD: CVE-2016-6739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-246

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-246

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006006

PATCH
title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html
Trust: 0.8
title:Patch for GoogleNexusQualcommCameraDriver privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/83979
Trust: 0.6
title:Google Android Qualcomm Camera Driver privilege vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65615
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11134 // 
            
            
            
            VULMON: CVE-2016-6739 // 
            
            
            
            JVNDB: JVNDB-2016-006006 // 
            
            
            
            CNNVD: CNNVD-201611-246

EXTERNAL IDS
db:NVDid:CVE-2016-6739
Trust: 3.4
db:BIDid:94142
Trust: 2.6
db:JVNDBid:JVNDB-2016-006006
Trust: 0.8
db:CNVDid:CNVD-2016-11134
Trust: 0.6
db:CNNVDid:CNNVD-201611-246
Trust: 0.6
db:VULMONid:CVE-2016-6739
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11134 // 
            
            
            
            VULMON: CVE-2016-6739 // 
            
            
            
            BID: 94142 // 
            
            
            
            JVNDB: JVNDB-2016-006006 // 
            
            
            
            CNNVD: CNNVD-201611-246 // 
            
            
            
            NVD: CVE-2016-6739

REFERENCES
url:http://www.securityfocus.com/bid/94142
Trust: 2.4
url:https://source.android.com/security/bulletin/2016-11-01.html
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6739
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6739
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://developers.google.com/android/nexus/images
Trust: 0.3
url:https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=d291eebd8e43bba3229ae7ef9146a132894dc293
Trust: 0.3
url:https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11134 // 
            
            
            
            VULMON: CVE-2016-6739 // 
            
            
            
            BID: 94142 // 
            
            
            
            JVNDB: JVNDB-2016-006006 // 
            
            
            
            CNNVD: CNNVD-201611-246 // 
            
            
            
            NVD: CVE-2016-6739

CREDITS
Jianqiang Zhao (@jianqiangzhao) ,pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd and Gengjia Chen (@chengjia4574)
Trust: 0.9
sources:
            
            
            BID: 94142 // 
            
            
            
            CNNVD: CNNVD-201611-246

SOURCES
db:CNVDid:CNVD-2016-11134
db:VULMONid:CVE-2016-6739
db:BIDid:94142
db:JVNDBid:JVNDB-2016-006006
db:CNNVDid:CNNVD-201611-246
db:NVDid:CVE-2016-6739

LAST UPDATE DATE
2024-08-14T14:13:42.617000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11134date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6739date:2016-11-28T00:00:00
db:BIDid:94142date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-006006date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-246date:2016-11-29T00:00:00
db:NVDid:CVE-2016-6739date:2016-11-28T20:34:58.293

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11134date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6739date:2016-11-25T00:00:00
db:BIDid:94142date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-006006date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-246date:2016-11-15T00:00:00
db:NVDid:CVE-2016-6739date:2016-11-25T16:59:42.147