CVE-2016-8399
Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 12 Jan 2017, 15:00
Last modified:06 Aug 2024, 02:20
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.6 HIGH
v2.0 (nvd)
EPSS Score
0.25% LOW
0% probability -0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Jan 2017, 15:00
Published
Vulnerability first disclosed
06 Aug 2024, 02:20
Last Modified
Vulnerability information updated
Description
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.
CVSS Metrics
- v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.6AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.25%• Percentile: 48%
Techniques & Countermeasures
- CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Systems
- google inc.•android
Kernel-3.10 | Kernel-3.18
- linux•linux_kernel
≥ 3.19, < 4.1.37 | ≥ 4.2, < 4.4.38 | ≥ 4.5, < 4.8.14
References (7)
- https://source.android.com/security/bulletin/2016-12-01.html
- https://access.redhat.com/errata/RHSA-2017:2931
- http://www.securityfocus.com/bid/94708
- http://rhn.redhat.com/errata/RHSA-2017-0817.html
- https://access.redhat.com/errata/RHSA-2017:0869
- https://access.redhat.com/errata/RHSA-2017:2930
- https://support.f5.com/csp/article/K23030550?utm_source=f5support&%3Butm_medium=RSS