ID

VAR-201611-0134


CVE

CVE-2016-6741


TITLE

Android of Qualcomm Elevation of privilege vulnerability in camera drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006008

DESCRIPTION

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30559423. References: Qualcomm QC-CR#1060554. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. QualcommCameraDriver is one of the high-performance camera drivers. Google Nexus is prone to multiple privilege-escalation vulnerabilities. These issues are being tracked by Android Bug IDs A-30074605, A-30143904 and A-30559423

Trust: 2.52

sources: NVD: CVE-2016-6741 // JVNDB: JVNDB-2016-006008 // CNVD: CNVD-2016-11136 // BID: 94142 // VULMON: CVE-2016-6741

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11136

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 1.6

vendor:googlemodel:androidscope:lteversion:7.1.0

Trust: 1.0

vendor:googlemodel:android onescope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.9

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.9

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.9

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:7.1.0

Trust: 0.6

sources: CNVD: CNVD-2016-11136 // BID: 94142 // JVNDB: JVNDB-2016-006008 // CNNVD: CNNVD-201611-248 // NVD: CVE-2016-6741

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6741
value: HIGH

Trust: 1.0

NVD: CVE-2016-6741
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11136
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-248
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-6741
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6741
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11136
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-6741
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11136 // VULMON: CVE-2016-6741 // JVNDB: JVNDB-2016-006008 // CNNVD: CNNVD-201611-248 // NVD: CVE-2016-6741

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-006008 // NVD: CVE-2016-6741

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-248

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006008

PATCH

title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 0.8

title:Patch for GoogleNexusQualcommCameraDriver Privilege Escalation Vulnerability (CNVD-2016-11136)url:https://www.cnvd.org.cn/patchInfo/show/83981

Trust: 0.6

title:Google Android Qualcomm camera Driver privilege vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65617

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60

Trust: 0.1

sources: CNVD: CNVD-2016-11136 // VULMON: CVE-2016-6741 // JVNDB: JVNDB-2016-006008 // CNNVD: CNNVD-201611-248

EXTERNAL IDS

db:NVDid:CVE-2016-6741

Trust: 3.4

db:BIDid:94142

Trust: 2.6

db:JVNDBid:JVNDB-2016-006008

Trust: 0.8

db:CNVDid:CNVD-2016-11136

Trust: 0.6

db:CNNVDid:CNNVD-201611-248

Trust: 0.6

db:VULMONid:CVE-2016-6741

Trust: 0.1

sources: CNVD: CNVD-2016-11136 // VULMON: CVE-2016-6741 // BID: 94142 // JVNDB: JVNDB-2016-006008 // CNNVD: CNNVD-201611-248 // NVD: CVE-2016-6741

REFERENCES

url:http://www.securityfocus.com/bid/94142

Trust: 2.4

url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6741

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6741

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:https://developers.google.com/android/nexus/images

Trust: 0.3

url:https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=d291eebd8e43bba3229ae7ef9146a132894dc293

Trust: 0.3

url:https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-11136 // VULMON: CVE-2016-6741 // BID: 94142 // JVNDB: JVNDB-2016-006008 // CNNVD: CNNVD-201611-248 // NVD: CVE-2016-6741

CREDITS

Jianqiang Zhao (@jianqiangzhao) ,pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd and Gengjia Chen (@chengjia4574)

Trust: 0.9

sources: BID: 94142 // CNNVD: CNNVD-201611-248

SOURCES

db:CNVDid:CNVD-2016-11136
db:VULMONid:CVE-2016-6741
db:BIDid:94142
db:JVNDBid:JVNDB-2016-006008
db:CNNVDid:CNNVD-201611-248
db:NVDid:CVE-2016-6741

LAST UPDATE DATE

2024-08-14T14:13:42.696000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11136date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6741date:2016-11-28T00:00:00
db:BIDid:94142date:2016-11-24T01:08:00
db:JVNDBid:JVNDB-2016-006008date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-248date:2016-11-29T00:00:00
db:NVDid:CVE-2016-6741date:2016-11-28T20:35:00.810

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11136date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-6741date:2016-11-25T00:00:00
db:BIDid:94142date:2016-11-08T00:00:00
db:JVNDBid:JVNDB-2016-006008date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-248date:2016-11-15T00:00:00
db:NVDid:CVE-2016-6741date:2016-11-25T16:59:44.757