CVE-2016-5863

EPSS 0.5%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Aug 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

Affected products

Qualcomm, Inc. · All Qualcomm products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://source.android.com/security/bulletin/2017-07-01 https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93 http://www.securityfocus.com/bid/99465