CVE-2016-8405MEDIUM
Description
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.
References
http://www.debian.org/security/2017/dsa-3791
http://www.securityfocus.com/bid/94686
https://source.android.com/security/bulletin/2016-12-01.html
Details
Source: MITRE
Published: 2017-01-12
Updated: 2017-11-04
Type: CWE-200
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 4.7
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 111833 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2366-1) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 111782 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2332-1) (Foreshadow) | Nessus | SuSE Local Security Checks | high |
| 102261 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3381-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
| 101929 | Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3361-1) | Nessus | Ubuntu Local Security Checks | critical |
| 97357 | Debian DSA-3791-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 97332 | Debian DLA-833-1 : linux security update | Nessus | Debian Local Security Checks | high |