CVE-2016-10277
Published 2017-05-12
CVE-2016-10277: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of…
Priority P3 · 50 · high · CVSS 3.0: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.46% (94.8th percentile)
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 4.9.30-1 (bookworm) | linux 4.9.30-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 2.6.12 < 3.2.91 | 3.2.91 |
| linux | linux_kernel | >= 3.11 < 3.16.46 | 3.16.46 |
| linux | linux_kernel | >= 3.17 < 3.18.55 | 3.18.55 |
| linux | linux_kernel | >= 3.19 < 4.1.41 | 4.1.41 |
| linux | linux_kernel | >= 3.3 < 3.10.106 | 3.10.106 |
| linux | linux_kernel | >= 4.10 < 4.11.3 | 4.11.3 |
| linux | linux_kernel | >= 4.2 < 4.4.70 | 4.4.70 |
| linux | linux_kernel | >= 4.5 < 4.9.30 | 4.9.30 |
CVSS provenance
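| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |
| vendor_redhat | — | 7.8 | HIGH | — |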
Red Hat
kernel: Out-of-bounds write in lp_setup in drivers/char/lp.c
vendor_redhat·2017-05-22·CVSS 7.8
CVE-2017-1000363 [HIGH] CWE-787 kernel: Out-of-bounds write in lp_setup in drivers/char/lp.c
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
A vulnerability was found in the Linux kernel's lp_setup() function: it does not apply any bounds checking when passed "lp=none". This can result in an overflow of the parport_nr[] array. An attacker with control over kernel command line can overwrite kernel code and data wit
Android
CVE-2016-10277: Android Security Bulletin 2017-05-01
CVE: CVE-2016-10277
Severity: CRITICAL
References: A-33840490*
vendor_android·2017-05-01·CVSS 7.8
CVE-2016-10277 [HIGH] CVE-2016-10277: Android Security Bulletin 2017-05-01
Debian
CVE-2017-1000363: linux - Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and ...
vendor_debian·2017·CVSS 7.8
CVE-2017-1000363 [HIGH] CVE-2017-1000363: linux - Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and ...
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
Scope: local
bookworm: resolved (fixed in 4.9.30-1)
bullseye: resolved (fixed in 4.9.30-1)
forky: resolved (fixed in 4.9.30-1)
sid: resolved (fixed in 4.9.30-1)
trixie: resolved (fixed in 4.9.30-1)
GHSA
GHSA-92h6-9hqf-8fx7: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the con
ghsa_unreviewed·2022-05-17
CVE-2016-10277 [HIGH] GHSA-92h6-9hqf-8fx7: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the con
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
GHSA
GHSA-jg85-fhqf-2gfw: Linux drivers/char/lp
ghsa_unreviewed·2022-05-14·CVSS 7.8
CVE-2017-1000363 [HIGH] CWE-787 GHSA-jg85-fhqf-2gfw: Linux drivers/char/lp
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
OSV
CVE-2017-1000363: Linux drivers/char/lp
osv·2017-07-17·CVSS 7.8
CVE-2017-1000363 [HIGH] CVE-2017-1000363: Linux drivers/char/lp
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
Published: 2017-05-12