Vulnerability Name: CVE-2016-10277 (CCN-126424)

Assigned: 2017-05-01
Published: 2017-05-01
Updated: 2017-09-06
Summary: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): Required
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

  7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

  6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2016-10277

Source: BID
Type: Technical Description, VDB Entry
98149

Source: CCN
Type: BID-98149
Google Android Motorola Bootloader CVE-2016-10277 Privilege Escalation Vulnerability

Source: CCN
Type: Google Web site
Android

Source: XF
Type: UNKNOWN
android-cve201610277-priv-esc(126424)

Source: CCN
Type: Packet Storm Security [09-04-2017]
Motorola Bootloader Kernel Cmdline Injection / Bypass

Source: CCN
Type: Android Open Source Project
Android Security Bulletin—May 2017

Source: CONFIRM
Type: Patch, Vendor Advisory
https://source.android.com/security/bulletin/2017-05-01

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-01-2017]

Source: EXPLOIT-DB
Type: UNKNOWN
42601

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.18:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/h:google:nexus_6:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201610277 | V | CVE-2016-10277 | 2022-05-20
oval:org.opensuse.security:def:34620 | P | Security update for kernel-firmware (Low) | 2021-12-30
oval:org.opensuse.security:def:31330 | P | Security update for xorg-x11-server (Important) | 2021-12-14
oval:org.opensuse.security:def:31286 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-10-18
oval:org.opensuse.security:def:35269 | P | Security update for python-reportlab (Moderate) | 2021-09-23
oval:org.opensuse.security:def:34536 | P | Security update for mariadb (Moderate) | 2021-09-09
oval:org.opensuse.security:def:31265 | P | Security update for xen (Important) | 2021-09-06
oval:org.opensuse.security:def:34524 | P | Security update for openexr (Important) | 2021-09-02
oval:org.opensuse.security:def:34525 | P | Security update for gstreamer-plugins-good (Moderate) | 2021-09-02
oval:org.opensuse.security:def:31226 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:31177 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:32006 | P | Security update for mutt (Important) | 2020-12-07
oval:org.opensuse.security:def:36017 | P | perl-spamassassin-3.3.1-10.8.3 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:36058 | P | xdg-utils-1.0.2-36.18 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:26913 | P | guestfs-data on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28521 | P | Security update for openvpn-openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:30526 | P | Security update for jakarta | 2020-12-01
oval:org.opensuse.security:def:27339 | P | xterm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29294 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27564 | P | rubygem-sprockets-2_2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30966 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:28123 | P | Security update for gtk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27906 | P | Security update for Xen | 2020-12-01
oval:org.opensuse.security:def:34756 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:28282 | P | Security update for mysql (Important) | 2020-12-01
oval:org.opensuse.security:def:27914 | P | Security update for xfsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35220 | P | Security update for libksba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26721 | P | java-1_6_0-ibm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28419 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30514 | P | Security update for freetype2 | 2020-12-01
oval:org.opensuse.security:def:27135 | P | gmime on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28620 | P | Security update for xorg-x11-libXt | 2020-12-01
oval:org.opensuse.security:def:30822 | P | Security update for cups (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27441 | P | libdrm-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27767 | P | Security update for IBM Java | 2020-12-01
oval:org.opensuse.security:def:28194 | P | Security update for libcgroup1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27839 | P | Security update for mysql (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35002 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:28978 | P | Security update for socat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26709 | P | gmime on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28183 | P | Security update for various KMPs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35335 | P | Security update for mozilla-nspr (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26994 | P | nagios on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28560 | P | Security update for hplip | 2020-12-01
oval:org.opensuse.security:def:30600 | P | Security update for PostgreSQL | 2020-12-01
oval:org.opensuse.security:def:27388 | P | dbus-1-glib-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27575 | P | unixODBC_23-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31121 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28158 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27990 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:34855 | P | Security update for cairo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28296 | P | Security update for ncurses (Important) | 2020-12-01
oval:org.opensuse.security:def:28042 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26785 | P | mozilla-xulrunner192 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28472 | P | Security update for xorg-x11-libs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30515 | P | Security update for ghostscript | 2020-12-01
oval:org.opensuse.security:def:27286 | P | rsyslog on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29258 | P | Security update for tomcat6 (Important) | 2020-12-01
oval:org.opensuse.security:def:27563 | P | rubygem-rdoc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30879 | P | Security update for fetchmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27485 | P | libsnmp15-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27849 | P | Security update for openssl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28243 | P | Security update for libxml2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27850 | P | Security update for osc (Low) | 2020-12-01
oval:org.opensuse.security:def:35161 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:29013 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26710 | P | gnome-screensaver on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28267 | P | Security update for mercurial (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35379 | P | Security update for ntp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27051 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28576 | P | Security update for libotr | 2020-12-01
oval:org.opensuse.security:def:30732 | P | Security update for OpenEXR (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27427 | P | kopete-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27639 | P | Security update for pixman | 2020-12-01
oval:org.opensuse.security:def:28141 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31968 | P | Security update for ipmitool (Important) | 2020-12-01
oval:org.opensuse.security:def:27838 | P | Security update for Mozilla NSS | 2020-12-01
oval:org.opensuse.security:def:34912 | P | Security update for e2fsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28340 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:28126 | P | Security update for icu (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35308 | P | Security update for lxc (Moderate) | 2020-12-01
    linux linux kernel 3.10
    linux linux kernel 3.18
    google nexus 6 -