FPII-2520 : Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2016-6743 A-30937462
High
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process.
Additional technical details:
A-30937462
In the fwu_sysfs_store_image function, there is no validation of the count variable leading to a potential heap overflow.
The fix is designed to add additional bounds checks to prevent the potential heap overflow.
Code snippet provided in bulletin patches zip file in the Downloads section: https://support.google.com/androidpartners_security/answer/7169146?hl=en&ref_topic=6353496#downloads
Change-Id: I21619de1d5b18f0f7a4d1514c6f5c65860f1303e
1 file changed
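The kind of bounds check the commit message describes, as an added user-space C example; it is not the driver's code and not the patch from the bulletin zip. `struct fw_update`, `store_image_checked` and `demo` are hypothetical names, and the buffer layout (a heap buffer filled chunk by chunk at a running offset) is an assumption made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model of a firmware-update context (not the driver's struct). */
struct fw_update {
    unsigned char *image;   /* heap buffer that receives the image */
    size_t image_size;      /* allocated length of image */
    size_t data_pos;        /* bytes stored so far */
};

/* Unchecked pattern, shown for contrast only:
 *     memcpy(&fw->image[fw->data_pos], buf, count);
 *     fw->data_pos += count;
 * count is chosen by the writer, so nothing keeps the copy inside image. */

/* Checked form: reject any chunk that does not fit in the remaining space. */
ssize_t store_image_checked(struct fw_update *fw, const void *buf, size_t count)
{
    if (fw == NULL || fw->image == NULL || buf == NULL)
        return -EINVAL;
    /* Enforce data_pos <= image_size so the subtraction below cannot wrap. */
    if (fw->data_pos > fw->image_size)
        return -EINVAL;
    /* Compare against remaining space; data_pos + count could overflow size_t. */
    if (count > fw->image_size - fw->data_pos)
        return -EINVAL;
    memcpy(fw->image + fw->data_pos, buf, count);
    fw->data_pos += count;
    return (ssize_t)count;
}

/* Constructed scenario: 16-byte image, chunks of 10, 7 and 6 bytes.
 * Returns 0 when the oversized chunk is refused and state is left unchanged. */
int demo(void)
{
    unsigned char chunk[32] = {0};
    struct fw_update fw = { malloc(16), 16, 0 };
    int ok;

    if (fw.image == NULL)
        return -1;
    ok = store_image_checked(&fw, chunk, 10) == 10
      && store_image_checked(&fw, chunk, 7) == -EINVAL  /* 10 + 7 > 16 */
      && fw.data_pos == 10                              /* rejected write changed nothing */
      && store_image_checked(&fw, chunk, 6) == 6;       /* exactly fills the buffer */
    free(fw.image);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

Comparing `count` with the remaining space, rather than testing `data_pos + count > image_size`, keeps the check correct when `count` is close to `SIZE_MAX`.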