CVE-2016-2062

Published: May 5, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.

Affected (3)

Products: Linux: Linux Kernel · Google: Nexus 5x Firmware, Nexus 6p Firmware

1 product

2 products

Nexus 5x Firmware

Nexus 6p Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.0 to 3.19.8

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Nexus 5x Firmware	All versions

Running on/with	Platform Versions
Google Nexus 5x	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Nexus 6p Firmware	All versions

Running on/with	Platform Versions
Google Nexus 6p	All versions

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (8)

http://source.android.com/security/bulletin/2016-06-01.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securitytracker.com/id/1035766

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062

Source: cve@mitre.org

Broken Link

http://source.android.com/security/bulletin/2016-06-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securitytracker.com/id/1035766

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.