First published: Thu May 05 2016(Updated: )
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | >=3.0<=3.19.8 | |
Google Nexus 5X Firmware | ||
Google Nexus 5X | ||
Google Nexus 6P Firmware | ||
Google Nexus 6P Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-2062 is classified as a moderate severity vulnerability due to its impact on device performance and potential for exploitation.
To fix CVE-2016-2062, you should update your kernel to a version that is patched against this vulnerability.
CVE-2016-2062 affects the Linux kernel versions 3.0 to 3.19.8, including specific Android devices using Qualcomm Adreno GPU drivers.
CVE-2016-2062 could lead to performance issues and potential unauthorized access, making systems vulnerable to attacks.
CVE-2016-2062 is not typically exploitable remotely but could be leveraged by a local attacker with the right circumstances.