VDB
CVE-2016-5863
CVE-2016-5863
PUBLISHED
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.
EPSS 0.05% · 17.3th percentile
Risk Scores
EPSS Score
0.05%
17.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | 0, *, 6.11.0-1006.6~24.04.2 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.4.0-1006.6, 5.3.0-1017.19, 5.3.0-1015.17 |
| Ubuntu:24.04:LTS | linux-realtime | 6.8.1-1015.16, 0 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1012.12, 4.4.0-1015.18, 4.4.0-1019.22 |
| Ubuntu:24.04:LTS | linux-lowlatency-hwe-6.11 | 6.11.0-1013.14~24.04.1, 0, 6.11.0-1015.16~24.04.2 |
| Ubuntu:20.04:LTS | linux-azure-fde | *, *, * |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1056.64~20.04.1.1, *, * |
| Ubuntu:16.04:LTS | linux | 4.4.0-12.28, 4.4.0-9.24, 4.2.0-16.19 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1014.16, 0, 5.13.0-1004.4 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1078.84, 5.4.0-1059.62, 5.4.0-1057.60 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 0, 6.8.0-2019.20 |
| Ubuntu:20.04:LTS | linux-gkeop | 5.4.0-1079.83, 0, 5.4.0-1008.9 |
| Ubuntu:14.04:LTS | linux-lts-xenial | 4.4.0-18.34~14.04.1, 4.4.0-15.31~14.04.1, 0 |
| Ubuntu:24.04:LTS | linux-azure-6.11 | 0, 6.11.0-1008.8~24.04.1, 6.11.0-1012.12~24.04.1 |
| Ubuntu:24.04:LTS | linux-hwe-6.11 | 6.11.0-25.25~24.04.1, 6.11.0-17.17~24.04.2, 6.11.0-19.19~24.04.1 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1012.16, 4.4.0-1010.13, 4.4.0-1010.12 |
| Ubuntu:14.04:LTS | linux | 3.13.0-7.25, 3.13.0-34.60, 3.13.0-33.58 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 0, 5.15.0-1073.75 |
| Ubuntu:24.04:LTS | linux-riscv | 6.8.0-41.41.1, 6.8.0-48.48.1, 6.8.0-49.49.1 |
…and 1 more
Timeline
- Jul 6, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-5863 third-party-advisory
- https://source.android.com/security/bulletin/2017-07-01 third-party-advisory
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-5863 third-party-advisory