CVE-2016-2419
First published: Mon Apr 18 2016(Updated: )
media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26323455.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | =6.0 | |
| Android | =6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2419?
CVE-2016-2419 is rated as a high severity vulnerability due to its potential to allow attackers to access sensitive information.
How do I fix CVE-2016-2419?
To fix CVE-2016-2419, update your Android device to the latest version released after April 1, 2016.
What impact does CVE-2016-2419 have on Android devices?
CVE-2016-2419 allows unauthorized access to process memory, leading to potential exposure of sensitive data.
Which versions of Android are affected by CVE-2016-2419?
CVE-2016-2419 affects Android versions 6.0 and 6.0.1.
What components of Android are related to CVE-2016-2419?
CVE-2016-2419 is related to the media server's IDrm.cpp component in Android.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/android
- version/android/6.0
- version/android/6.0.1