CVE-2016-5858

Published: Aug 16, 2017Modified: May 13, 2026

4.7

Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/98215

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2017-05-01

Source: product-security@qualcomm.com

PatchVendor Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3154eb1d263b9c3eab2c9fa8ebe498390bf5d711

Source: product-security@qualcomm.com

Issue TrackingPatchThird Party Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=afc5bea71bc8f251dad1104568383019f4923af6

Source: product-security@qualcomm.com

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/98215

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2017-05-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3154eb1d263b9c3eab2c9fa8ebe498390bf5d711

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=afc5bea71bc8f251dad1104568383019f4923af6

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.