Vulnerability CVE-2016-8405

Vulnerability Name:

CVE-2016-8405 (CCN-121146)

Assigned:

2016-10-05

Published:

2017-01-03

Updated:

2017-11-04

Summary:

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.

CVSS v3 Severity:

4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2016-8405

Source: DEBIAN
Type: UNKNOWN
DSA-3791

Source: BID
Type: Third Party Advisory, VDB Entry
94686

Source: CCN
Type: BID-94686
Google Android Kernel Components Multiple Information Disclosure Vulnerabilites

Source: XF
Type: UNKNOWN
android-cve20168405-info-disc(121146)

Source: CCN
Type: Android Open Source Project
Android Security BulletinDecember 2016

Source: CONFIRM
Type: Vendor Advisory
https://source.android.com/security/bulletin/2016-12-01.html

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:3.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:3.18:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:google:android:*:*:*:*:*:*:*:*

OR cpe:/h:google:nexus_9:-:*:*:*:*:*:*:*

OR cpe:/h:google:nexus_6:-:*:*:*:*:*:*:*

OR cpe:/h:google:nexus_player:-:*:*:*:*:*:*:*

OR cpe:/h:google:pixel_c:-:*:*:*:*:*:*:*

OR cpe:/h:google:android_one:-:*:*:*:*:*:*:*

OR cpe:/h:google:nexus_5x:-:*:*:*:*:*:*:*

OR cpe:/h:google:nexus_6p:-:*:*:*:*:*:*:*

OR cpe:/h:google:pixel:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20168405	V	CVE-2016-8405	2022-05-20
oval:org.opensuse.security:def:35280	P	Security update for libqt4 (Important)	2021-12-22
oval:org.opensuse.security:def:34000	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:33044	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:33999	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:31297	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:30261	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:30260	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:34547	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:34535	P	Security update for java-1_7_0-openjdk (Moderate)	2021-09-09
oval:org.opensuse.security:def:34536	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33710	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:31237	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:33943	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:33933	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:34461	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:34460	P	Security update for the Linux Kernel (Important)	2021-06-09
oval:org.opensuse.security:def:36069	P	LibVNCServer-0.9.1-154.24 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:30206	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:30205	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:31188	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:34416	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:33894	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:30053	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:30052	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:33101	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:34631	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:31341	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33942	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:34417	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:31276	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:33628	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:33627	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:35231	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:31086	P	Security update for mutt (Important)	2020-12-07
oval:org.opensuse.security:def:31087	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:33617	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:33616	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:36028	P	rsyslog-5.10.1-0.7.49 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:33615	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:27851	P	Security update for pam	2020-12-01
oval:org.opensuse.security:def:28626	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28279	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:28364	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27496	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30525	P	Security update for jakarta-commons-fileupload	2020-12-01
oval:org.opensuse.security:def:32515	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30890	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30367	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:29881	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26796	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34866	P	Security update for cloud-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:34246	P	Security update for postgresql10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34391	P	Security update for unrar (Important)	2020-12-01
oval:org.opensuse.security:def:29617	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:28711	P	Security update for icu	2020-12-01
oval:org.opensuse.security:def:28431	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:28403	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:28134	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:32650	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30977	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:30310	P	Security update for tcpdump	2020-12-01
oval:org.opensuse.security:def:30411	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26924	P	kbd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34923	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:34304	P	Security update for quagga (Low)	2020-12-01
oval:org.opensuse.security:def:28415	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29690	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:28768	P	Security update for net-snmp	2020-12-01
oval:org.opensuse.security:def:28484	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:28418	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:28169	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32744	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31132	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:30349	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:31049	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27696	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27005	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35013	P	Security update for gpg2 (Important)	2020-12-01
oval:org.opensuse.security:def:34353	P	Security update for sudo, sudo-debuginfo, sudo-debugsource	2020-12-01
oval:org.opensuse.security:def:28416	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29822	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28852	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28533	P	Security update for bogofilter	2020-12-01
oval:org.opensuse.security:def:28462	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32425	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:32801	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30368	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26720	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27760	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:27062	P	xorg-x11-server-dmx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35172	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:34392	P	Security update for unrar (Moderate)	2020-12-01
oval:org.opensuse.security:def:35098	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:29618	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29909	P	Security update for libHX13	2020-12-01
oval:org.opensuse.security:def:29004	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:28572	P	Security update for PostgreSQL	2020-12-01
oval:org.opensuse.security:def:29100	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:33846	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:32888	P	jpeg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30412	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:26721	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27888	P	Security update for rubygem-rack-ssl	2020-12-01
oval:org.opensuse.security:def:27146	P	hplip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35138	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29605	P	Security update for bash	2020-12-01
oval:org.opensuse.security:def:29691	P	Security update for expat	2020-12-01
oval:org.opensuse.security:def:29966	P	Security update for libpng12-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29058	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:28588	P	Security update for Mozilla NSS	2020-12-01
oval:org.opensuse.security:def:29135	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31050	P	Security update for the Linux Kernel	2020-12-01
oval:org.opensuse.security:def:27862	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:27970	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:27297	P	stunnel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29607	P	Security update for bind	2020-12-01
oval:org.opensuse.security:def:29823	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29107	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28632	P	Security update for a2ps	2020-12-01
oval:org.opensuse.security:def:27684	P	Security update for xorg-x11-server	2020-12-01
oval:org.opensuse.security:def:27926	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28027	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:27350	P	openssh-openssl1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35319	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:35099	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:30537	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29910	P	Security update for libapr	2020-12-01
oval:org.opensuse.security:def:29146	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:29270	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33847	P	Security update for okular	2020-12-01
oval:org.opensuse.security:def:34088	P	Security update for mailman (Moderate)	2020-12-01
oval:org.opensuse.security:def:33150	P	libgcc_s1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27685	P	Security update for xorg-x11	2020-12-01
oval:org.opensuse.security:def:28054	P	Security update for cyrus-imapd (Important)	2020-12-01
oval:org.opensuse.security:def:28111	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27399	P	fileshareset on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35346	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:35139	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29606	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:30611	P	Security update for squid3	2020-12-01
oval:org.opensuse.security:def:29967	P	Security update for libpoppler	2020-12-01
oval:org.opensuse.security:def:29163	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29306	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34245	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:33189	P	libupsclient1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31979	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28427	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:28138	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28262	P	Security update for memcached (Important)	2020-12-01
oval:org.opensuse.security:def:27438	P	libcgroup-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35390	P	Security update for openldap2	2020-12-01
oval:org.opensuse.security:def:30526	P	Security update for jakarta	2020-12-01
oval:org.opensuse.security:def:30743	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:30309	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:29207	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:34303	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:33212	P	nagios-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32017	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27850	P	Security update for osc (Low)	2020-12-01
oval:org.opensuse.security:def:28495	P	Recommended update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28195	P	Security update for libdb-4_5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28315	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:27452	P	libguestfs-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32437	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:30833	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30348	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:29845	P	Security update for Kernel	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34767	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:34089	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:34352	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:33256	P	socat on GA media (Moderate)	2020-12-01
oval:com.ubuntu.trusty:def:20168405000	V	CVE-2016-8405 on Ubuntu 14.04 LTS (trusty) - low.	2017-05-30
oval:com.ubuntu.xenial:def:20168405000	V	CVE-2016-8405 on Ubuntu 16.04 LTS (xenial) - low.	2017-05-30
oval:org.cisecurity:def:1938	P	DSA-3791-1 -- linux -- security update	2017-03-10
oval:com.ubuntu.xenial:def:201684050000000	V	CVE-2016-8405 on Ubuntu 16.04 LTS (xenial) - low.	2017-01-12
oval:com.ubuntu.artful:def:20168405000	V	CVE-2016-8405 on Ubuntu 17.10 (artful) - low.	2017-01-12
oval:com.ubuntu.bionic:def:20168405000	V	CVE-2016-8405 on Ubuntu 18.04 LTS (bionic) - low.	2017-01-12
oval:com.ubuntu.bionic:def:201684050000000	V	CVE-2016-8405 on Ubuntu 18.04 LTS (bionic) - low.	2017-01-12

BACK