Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-6707Google Android vulnerability

CWE-2646 documents6 sources
Severity
7.8HIGHNVD
EPSS
1.5%
top 18.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google AndroidGoogle INC Android
Timeline
PublishedNov 25
Latest updateMay 14

Description

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android6.06.0.1+1
CVEListV5google_inc/androidAndroid-6.0, Android-6.0.1, Android-7.0+2

🔴Vulnerability Details

3
GHSA
GHSA-jcfm-9hmq-23cj: An elevation of privilege vulnerability in System Server in Android 62022-05-14
Project0
BitUnmap: Attacking Android Ashmem - Project Zero2016-12-01
OSV
CVE-2016-6707: An elevation of privilege vulnerability in System Server in Android 62016-11-25

💥Exploits & PoCs

1
Exploit-DB
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap2016-12-06

📋Vendor Advisories

1
Android
CVE-2016-6707: Android Security Bulletin 2016-11-01 CVE: CVE-2016-6707 Severity: HIGH Affected AOSP versions: 62016-11-01