The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
http://source.android.com/security/bulletin/2016-10-01.html
http://www.securityfocus.com/bid/92374
http://www.securitytracker.com/id/1036763
https://www.codeaurora.org/invalid-path-check-ashmem-memory-file-cve-2016-5340
Source: MITRE
Published: 2016-08-07
Updated: 2020-08-03
Type: CWE-20
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
Base Score: 7.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH