CVE-2016-0826

Publication date 12 March 2016

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.8 · High

Score breakdown

libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403.

Status

Package Ubuntu Release Status
android 18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty
Fixed 20160307-0742-0ubuntu3
16.10 yakkety
Fixed 20160307-0742-0ubuntu3
16.04 LTS xenial
Fixed 20160307-0742-0ubuntu3
15.10 wily Ignored end of life
14.04 LTS trusty Not in release
12.04 LTS precise Not in release

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H