CVE-2016-2419

Published: Apr 18, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.

Affected (2)

Products: Google: Android

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

References (4)

http://source.android.com/security/bulletin/2016-04-02.html

Source: security@android.com

Vendor Advisory

https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34

Source: security@android.com

http://source.android.com/security/bulletin/2016-04-02.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.