anthias: security: CVE-2016-3768
Elevation of Privilege Vulnerability in Qualcomm Performance Component (Device Specific) CVE Android bugs Severity Updated kernel versions Date reported CVE-2016-3768 ANDROID-28172137 Critical 3.4, 3.10 Apr 9, 2016 An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical severity due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. ANDROID-28172137 (Qualcomm ref#: CR#1010644) During a perf_event_enable, an event could be enabled on multiple hw_events. However, during the perf_release, the event struct is freed and only one hw_event is released. This could lead to dereferencing the invalid pointer and Use-After-Free vulnerability. The fix is designed to return an error in the case of event duplication. Change-Id: Ica19b394c7d8adbedfa8...
Please register or sign in to comment