CVE-2016-5341
Description
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- http://source.android.com/security/bulletin/2016-12-01.html
- http://www.securityfocus.com/bid/94689
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/
- http://source.android.com/security/bulletin/2016-12-01.html
- http://www.securityfocus.com/bid/94689
- https://source.android.com/security/bulletin/pixel/2017-12-01
- https://wwws.nightwatchcybersecurity.com/2016/12/05/cve-2016-5341/
CWEs
CWE-284
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.