ID

VAR-201701-0131


CVE

CVE-2016-8460


TITLE

NVIDIA Information disclosure vulnerability in video drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006853

DESCRIPTION

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. GoogleNexus9 is a tablet from Google Inc. in the United States. NVIDIAVideoDriver is an NVIDIA graphics driver component used in it. Google Android is prone to an information-disclosure vulnerability. Information obtained may aid in further attacks. Nexus 9 is vulnerable

Trust: 2.52

sources: NVD: CVE-2016-8460 // JVNDB: JVNDB-2016-006853 // CNVD: CNVD-2017-00510 // BID: 95249 // VULMON: CVE-2016-8460

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-00510

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:3.10

Trust: 2.4

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.9

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.9

sources: CNVD: CNVD-2017-00510 // BID: 95249 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8460
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8460
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-00510
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-030
value: MEDIUM

Trust: 0.6

VULMON: CVE-2016-8460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8460
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-00510
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-8460
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-00510 // VULMON: CVE-2016-8460 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2016-006853 // NVD: CVE-2016-8460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-030

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201701-030

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006853

PATCH

title:Android Security Bulletin-January 2017url:https://source.android.com/security/bulletin/2017-01-01.html

Trust: 0.8

title:Linux Kernel Archivesurl:http://www.kernel.org/

Trust: 0.8

title:GoogleAndroidNVIDIAVideoDriver Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/88092

Trust: 0.6

title:Google Nexus 9 NVIDIA Video Fixes for driver information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66774

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—January 2017url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e8654f311f23268a7da69416ca7535a2

Trust: 0.1

title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: CNVD: CNVD-2017-00510 // VULMON: CVE-2016-8460 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030

EXTERNAL IDS

db:NVDid:CVE-2016-8460

Trust: 3.4

db:BIDid:95249

Trust: 2.6

db:JVNDBid:JVNDB-2016-006853

Trust: 0.8

db:CNVDid:CNVD-2017-00510

Trust: 0.6

db:CNNVDid:CNNVD-201701-030

Trust: 0.6

db:VULMONid:CVE-2016-8460

Trust: 0.1

sources: CNVD: CNVD-2017-00510 // VULMON: CVE-2016-8460 // BID: 95249 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

REFERENCES

url:http://www.securityfocus.com/bid/95249

Trust: 2.4

url:https://source.android.com/security/bulletin/2017-01-01.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8460

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8460

Trust: 0.8

url:http://www.android.com/

Trust: 0.3

url:https://source.android.com/security/bulletin/2017-01-01.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-00510 // VULMON: CVE-2016-8460 // BID: 95249 // JVNDB: JVNDB-2016-006853 // CNNVD: CNNVD-201701-030 // NVD: CVE-2016-8460

CREDITS

Peter Pi (@heisecode) of Trend Micro

Trust: 0.9

sources: BID: 95249 // CNNVD: CNNVD-201701-030

SOURCES

db:CNVDid:CNVD-2017-00510
db:VULMONid:CVE-2016-8460
db:BIDid:95249
db:JVNDBid:JVNDB-2016-006853
db:CNNVDid:CNNVD-201701-030
db:NVDid:CVE-2016-8460

LAST UPDATE DATE

2024-08-14T14:20:38.492000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-00510date:2017-01-17T00:00:00
db:VULMONid:CVE-2016-8460date:2017-01-18T00:00:00
db:BIDid:95249date:2017-01-12T03:10:00
db:JVNDBid:JVNDB-2016-006853date:2017-01-26T00:00:00
db:CNNVDid:CNNVD-201701-030date:2017-01-16T00:00:00
db:NVDid:CVE-2016-8460date:2017-01-18T02:59:15.813

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-00510date:2017-01-17T00:00:00
db:VULMONid:CVE-2016-8460date:2017-01-12T00:00:00
db:BIDid:95249date:2017-01-03T00:00:00
db:JVNDBid:JVNDB-2016-006853date:2017-01-26T00:00:00
db:CNNVDid:CNNVD-201701-030date:2017-01-05T00:00:00
db:NVDid:CVE-2016-8460date:2017-01-12T20:59:01.483