CVE-2016-5344
Description
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-5344
Vendor advisory: cve@mitre.org — https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7
Vendor advisory: cve@mitre.org — http://source.android.com/security/bulletin/2016-10-01.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
| linux-kernel | affected | |
References
- http://source.android.com/security/bulletin/2016-10-01.html
- http://www.securityfocus.com/bid/92695
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=1d2297267c24f2c44bd0ecb244ddb8bc880a29b7
- https://www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344
- https://security-tracker.debian.org/tracker/CVE-2016-5344
CWEs
CWE-190
Verify integrity in audit chain (admin only). AS-IS.