ID

VAR-201611-0153


CVE

CVE-2016-3904


TITLE

Android of Qualcomm bus Elevation of privilege vulnerability in driver

Trust: 0.8

sources: JVNDB: JVNDB-2016-005964

DESCRIPTION

An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455. GoogleNexus5X and so on are all smart devices from Google. Qualcommbus is one of the Qualcomm bus components. Google Android is prone to a privilege-escalation vulnerability

Trust: 2.52

sources: NVD: CVE-2016-3904 // JVNDB: JVNDB-2016-005964 // CNVD: CNVD-2016-11148 // BID: 94210 // VULMON: CVE-2016-3904

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11148

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:7.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:2016-11-05

Trust: 0.8

vendor:googlemodel:android(on nexusscope:eqversion:5x)

Trust: 0.6

vendor:googlemodel:androidscope: - version: -

Trust: 0.6

vendor:googlemodel:pixelscope: - version: -

Trust: 0.6

vendor:googlemodel:pixel xlscope: - version: -

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 0.6

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-11148 // BID: 94210 // JVNDB: JVNDB-2016-005964 // CNNVD: CNNVD-201611-285 // NVD: CVE-2016-3904

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3904
value: HIGH

Trust: 1.0

NVD: CVE-2016-3904
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11148
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-285
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-3904
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3904
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11148
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-3904
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11148 // VULMON: CVE-2016-3904 // JVNDB: JVNDB-2016-005964 // CNNVD: CNNVD-201611-285 // NVD: CVE-2016-3904

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-005964 // NVD: CVE-2016-3904

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-285

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-285

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005964

PATCH

title:Android Security Bulletin-November 2016url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 0.8

title:Patch for GoogleAndroid QualcommBusDriver privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/83978

Trust: 0.6

title:Multiple Google product Qualcomm bus Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65654

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—November 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60

Trust: 0.1

sources: CNVD: CNVD-2016-11148 // VULMON: CVE-2016-3904 // JVNDB: JVNDB-2016-005964 // CNNVD: CNNVD-201611-285

EXTERNAL IDS

db:NVDid:CVE-2016-3904

Trust: 3.4

db:BIDid:94210

Trust: 2.6

db:JVNDBid:JVNDB-2016-005964

Trust: 0.8

db:CNVDid:CNVD-2016-11148

Trust: 0.6

db:CNNVDid:CNNVD-201611-285

Trust: 0.6

db:VULMONid:CVE-2016-3904

Trust: 0.1

sources: CNVD: CNVD-2016-11148 // VULMON: CVE-2016-3904 // BID: 94210 // JVNDB: JVNDB-2016-005964 // CNNVD: CNNVD-201611-285 // NVD: CVE-2016-3904

REFERENCES

url:http://www.securityfocus.com/bid/94210

Trust: 2.4

url:https://source.android.com/security/bulletin/2016-11-01.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3904

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3904

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:http://source.android.com/security/bulletin/2016-02-01.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-11148 // VULMON: CVE-2016-3904 // BID: 94210 // JVNDB: JVNDB-2016-005964 // CNNVD: CNNVD-201611-285 // NVD: CVE-2016-3904

CREDITS

Jianqiang Zhao and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd.

Trust: 0.9

sources: BID: 94210 // CNNVD: CNNVD-201611-285

SOURCES

db:CNVDid:CNVD-2016-11148
db:VULMONid:CVE-2016-3904
db:BIDid:94210
db:JVNDBid:JVNDB-2016-005964
db:CNNVDid:CNNVD-201611-285
db:NVDid:CVE-2016-3904

LAST UPDATE DATE

2024-08-14T14:13:42.581000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11148date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-3904date:2016-11-28T00:00:00
db:BIDid:94210date:2016-11-24T01:09:00
db:JVNDBid:JVNDB-2016-005964date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-285date:2016-11-29T00:00:00
db:NVDid:CVE-2016-3904date:2016-11-28T20:13:39.557

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11148date:2016-11-16T00:00:00
db:VULMONid:CVE-2016-3904date:2016-11-25T00:00:00
db:BIDid:94210date:2016-11-07T00:00:00
db:JVNDBid:JVNDB-2016-005964date:2016-11-29T00:00:00
db:CNNVDid:CNNVD-201611-285date:2016-11-15T00:00:00
db:NVDid:CVE-2016-3904date:2016-11-25T16:59:00.183