VDB
CVE-2016-5346
CVE-2016-5346
PUBLISHED
CVSS 5.5 MEDIUM
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).
EPSS 0.09% · 25.8th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.09%
25.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| android | 0, 0 |
Exploit Intelligence
- https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 (nist-nvd)
- ION通用提权漏洞PoC以及分析 (github-poc)
- ION通用提权漏洞PoC以及分析 (github-poc)
- ION通用提权漏洞PoC以及分析 (github-poc)
- ION通用提权漏洞PoC以及分析 (github-poc)
- Android Tethering Provisioning Check Bypass (CVE-2017-0554) (github-poc)
- Android Tethering Provisioning Check Bypass (CVE-2017-0554) (github-poc)
- Android Tethering Provisioning Check Bypass (CVE-2017-0554) (github-poc)
- Android Tethering Provisioning Check Bypass (CVE-2017-0554) (github-poc)
- likekabin/CVE-2017-0541 (github-poc)
…and 11 more exploits
Timeline
- Jan 8, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- May 24, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://www.securityfocus.com/bid/97371 url
- http://www.securitytracker.com/id/1038201 url
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474 url
- https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346 url
- https://source.android.com/security/bulletin/2017-04-01.html url
- http://source.android.com/security/bulletin/2017-04-01.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-5346 advisory