CVE-2016-0807 — Android-platform-system-core vulnerability

CWE-2645 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.0%

top 97.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Android-platform-system-core Google Android

Timeline

PublishedFeb 7

Latest updateMay 17

Description

The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/android-platform-system-core< android-platform-system-core 1:7.0.0+r1-1 (bullseye)

▶NVDgoogle/android6.0, 6.0.1+1

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-c6wm-7cfc-hf64: The get_build_id function in elf_utils↗2022-05-17

▶

OSV

CVE-2016-0807: The get_build_id function in elf_utils↗2016-02-07

▶

📋Vendor Advisories

Android

CVE-2016-0807: Android Security Bulletin 2016-02-01 CVE: CVE-2016-0807 Severity: CRITICAL Affected AOSP versions: 6↗2016-02-01

▶

Debian

CVE-2016-0807: android-platform-system-core - The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 20...↗2016

▶