CVE-2016-2067

Published: Jul 11, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.

Affected (2)

Products: Google: Android · Linux: Linux Kernel

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 6.0.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.0 to 3.19.8

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://source.android.com/security/bulletin/2016-07-01.html

Source: cve@mitre.org

PatchVendor Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067

Source: cve@mitre.org

Broken Link

http://source.android.com/security/bulletin/2016-07-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://www.codeaurora.org/privilege-escalation-vulnerability-graphics-driver-cve-2016-2067

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.