Sign-up

ID

VAR-201701-0131


CVE

CVE-2016-8460


TITLE

NVIDIA Information disclosure vulnerability in video drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006853

DESCRIPTION

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. GoogleNexus9 is a tablet from Google Inc. in the United States. NVIDIAVideoDriver is an NVIDIA graphics driver component used in it. Google Android is prone to an information-disclosure vulnerability. Information obtained may aid in further attacks. Nexus 9 is vulnerable

Trust: 2.52

sources: NVD: CVE-2016-8460 // JVNDB: JVNDB-2016-006853 // CNVD: CNVD-2017-00510 // BID: 95249 // VULMON: CVE-2016-8460

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00510

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:3.10

Trust: 2.4

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.9

sources: CNVD: CNVD-2017-00510 // BID: 95249 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8460
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8460
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-00510
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-030
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-8460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8460
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-00510
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-8460
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00510 // VULMON: CVE-2016-8460 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-006853 // NVD: CVE-2016-8460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-030

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201701-030

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006853

PATCH
title:Android Security Bulletin-January 2017url:https://source.android.com/security/bulletin/2017-01-01.html
Trust: 0.8
title:Linux Kernel Archivesurl:http://www.kernel.org/
Trust: 0.8
title:GoogleAndroidNVIDIAVideoDriver Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/88092
Trust: 0.6
title:Google Nexus 9 NVIDIA Video Fixes for driver information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66774
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—January 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e8654f311f23268a7da69416ca7535a2
Trust: 0.1
title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00510 // 
            
            
            
            VULMON: CVE-2016-8460 // 
            
            
            
            JVNDB: JVNDB-2016-006853 // 
            
            
            
            CNNVD: CNNVD-201701-030

EXTERNAL IDS
db:NVDid:CVE-2016-8460
Trust: 3.4
db:BIDid:95249
Trust: 2.6
db:JVNDBid:JVNDB-2016-006853
Trust: 0.8
db:CNVDid:CNVD-2017-00510
Trust: 0.6
db:CNNVDid:CNNVD-201701-030
Trust: 0.6
db:VULMONid:CVE-2016-8460
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00510 // 
            
            
            
            VULMON: CVE-2016-8460 // 
            
            
            
            BID: 95249 // 
            
            
            
            JVNDB: JVNDB-2016-006853 // 
            
            
            
            CNNVD: CNNVD-201701-030 // 
            
            
            
            NVD: CVE-2016-8460

REFERENCES
url:http://www.securityfocus.com/bid/95249
Trust: 2.4
url:https://source.android.com/security/bulletin/2017-01-01.html
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8460
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8460
Trust: 0.8
url:http://www.android.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2017-01-01.html 
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-00510 // 
            
            
            
            VULMON: CVE-2016-8460 // 
            
            
            
            BID: 95249 // 
            
            
            
            JVNDB: JVNDB-2016-006853 // 
            
            
            
            CNNVD: CNNVD-201701-030 // 
            
            
            
            NVD: CVE-2016-8460

CREDITS
Peter Pi (@heisecode) of Trend Micro
Trust: 0.9
sources:
            
            
            BID: 95249 // 
            
            
            
            CNNVD: CNNVD-201701-030

SOURCES
db:CNVDid:CNVD-2017-00510
db:VULMONid:CVE-2016-8460
db:BIDid:95249
db:JVNDBid:JVNDB-2016-006853
db:CNNVDid:CNNVD-201701-030
db:NVDid:CVE-2016-8460

LAST UPDATE DATE
2024-08-14T14:20:38.492000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-00510date:2017-01-17T00:00:00
db:VULMONid:CVE-2016-8460date:2017-01-18T00:00:00
db:BIDid:95249date:2017-01-12T03:10:00
db:JVNDBid:JVNDB-2016-006853date:2017-01-26T00:00:00
db:CNNVDid:CNNVD-201701-030date:2017-01-16T00:00:00
db:NVDid:CVE-2016-8460date:2017-01-18T02:59:15.813

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-00510date:2017-01-17T00:00:00
db:VULMONid:CVE-2016-8460date:2017-01-12T00:00:00
db:BIDid:95249date:2017-01-03T00:00:00
db:JVNDBid:JVNDB-2016-006853date:2017-01-26T00:00:00
db:CNNVDid:CNNVD-201701-030date:2017-01-05T00:00:00
db:NVDid:CVE-2016-8460date:2017-01-12T20:59:01.483