FPII-2616: Information disclosure vulnerability in kernel components (device specific)
CVE-2016-8405 A-31651010
An information disclosure vulnerability in kernel components including the ION subsystem,
Binder, USB driver and networking subsystem could enable a local malicious application to
access data outside of its permission levels. This issue is rated as Moderate because it
first requires compromising a privileged process.
Additional technical details:
A-31651010
There is no validation of the to->start variable to check if it is negative leading to a potential information disclosure.
The fix is designed to add additional validation to prevent the potential information disclosure.
Change-Id: I21f04f107930a417b6ca876b8028c1465f0f90f2
1 file changed