A vulnerability classified as critical has been found in Linux Kernel 3.x (Operating System). Affected is the function adreno_perfcounter_query_group of the file drivers/gpu/msm/adreno_perfcounter.c. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.

The weakness was released 05/05/2016 (Website). The advisory is shared for download at codeaurora.org. This vulnerability is traded as CVE-2016-2062 since 01/25/2016. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.

Upgrading eliminates this vulnerability.

Entry connected to this vulnerability is available at 83735.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

License

• open-source

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion