Sign-up

ID

VAR-201611-0133


CVE

CVE-2016-6740


TITLE

Android of Qualcomm Elevation of privilege vulnerability in camera drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006007

DESCRIPTION

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30143904. References: Qualcomm QC-CR#1056307. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. QualcommCameraDriver is one of the high-performance camera drivers. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-30074605, A-30143904 and A-30559423

Trust: 2.52

sources: NVD: CVE-2016-6740 // JVNDB: JVNDB-2016-006007 // CNVD: CNVD-2016-11135 // BID: 94142 // VULMON: CVE-2016-6740

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11135

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope:lteversion:7.1.0

Trust: 1.0

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.9

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.9

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

sources: CNVD: CNVD-2016-11135 // BID: 94142 // JVNDB: JVNDB-2016-006007 // CNNVD: CNNVD-201611-247 // NVD: CVE-2016-6740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6740
value: HIGH

Trust: 1.0

NVD: CVE-2016-6740
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11135
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-247
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-6740
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6740
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11135
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-6740
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11135 // VULMON: CVE-2016-6740 // JVNDB: JVNDB-2016-006007 // CNNVD: CNNVD-201611-247 // NVD: CVE-2016-6740

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006007 // NVD: CVE-2016-6740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-247

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-247

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006007

PATCH
title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html
Trust: 0.8
title:Patch for GoogleNexusQualcommCameraDriver Privilege Escalation Vulnerability (CNVD-2016-11135)url:https://www.cnvd.org.cn/patchInfo/show/83980
Trust: 0.6
title:Google Android Qualcomm camera Driver privilege vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65616
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11135 // 
            
            
            
            VULMON: CVE-2016-6740 // 
            
            
            
            JVNDB: JVNDB-2016-006007 // 
            
            
            
            CNNVD: CNNVD-201611-247

EXTERNAL IDS
db:NVDid:CVE-2016-6740
Trust: 3.4
db:BIDid:94142
Trust: 2.6
db:JVNDBid:JVNDB-2016-006007
Trust: 0.8
db:CNVDid:CNVD-2016-11135
Trust: 0.6
db:CNNVDid:CNNVD-201611-247
Trust: 0.6
db:VULMONid:CVE-2016-6740
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11135 // 
            
            
            
            VULMON: CVE-2016-6740 // 
            
            
            
            BID: 94142 // 
            
            
            
            JVNDB: JVNDB-2016-006007 // 
            
            
            
            CNNVD: CNNVD-201611-247 // 
            
            
            
            NVD: CVE-2016-6740

REFERENCES
url:http://www.securityfocus.com/bid/94142
Trust: 2.4
url:https://source.android.com/security/bulletin/2016-11-01.html
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6740
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6740
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://developers.google.com/android/nexus/images
Trust: 0.3
url:https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=d291eebd8e43bba3229ae7ef9146a132894dc293
Trust: 0.3
url:https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11135 // 
            
            
            
            VULMON: CVE-2016-6740 // 
            
            
            
            BID: 94142 // 
            
            
            
            JVNDB: JVNDB-2016-006007 // 
            
            
            
            CNNVD: CNNVD-201611-247 // 
            
            
            
            NVD: CVE-2016-6740

CREDITS
Jianqiang Zhao (@jianqiangzhao) ,pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd and Gengjia Chen (@chengjia4574)
Trust: 0.9
sources:
            
            
            BID: 94142 // 
            
            
            
            CNNVD: CNNVD-201611-247

SOURCES
db:CNVDid:CNVD-2016-11135
db:VULMONid:CVE-2016-6740
db:BIDid:94142
db:JVNDBid:JVNDB-2016-006007
db:CNNVDid:CNNVD-201611-247
db:NVDid:CVE-2016-6740

LAST UPDATE DATE
2024-08-14T14:13:42.660000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11135date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6740date:2016-11-28T00:00:00
db:BIDid:94142date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-006007date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-247date:2016-11-29T00:00:00
db:NVDid:CVE-2016-6740date:2016-11-28T20:34:59.387

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11135date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6740date:2016-11-25T00:00:00
db:BIDid:94142date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-006007date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-247date:2016-11-15T00:00:00
db:NVDid:CVE-2016-6740date:2016-11-25T16:59:43.587