VYPR
Critical severity 9.8 · NVD Advisory · Published Apr 18, 2016 · Updated May 6, 2026

CVE-2016-2416

Description

Missing permission check in Android mediaserver's BufferQueueConsumer::dump allows unprivileged attackers to obtain sensitive information and bypass protection mechanisms.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in libs/gui/BufferQueueConsumer.cpp within the mediaserver process. The dump function lacks a check for the android.permission.DUMP permission. This affects Android versions 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 [1]. The missing permission check allows any process to invoke the dump functionality without proper authorization.

Exploitation

An attacker with local access to the device can send a dump request to the mediaserver process without needing any special permissions. No user interaction is required beyond the attacker having the ability to execute code or commands on the device. The attacker can trigger the dump via the dumpsys command or similar mechanisms that interact with the mediaserver service [1].

Impact

Successful exploitation allows the attacker to obtain sensitive information from the BufferQueueConsumer state, which can include details about graphics buffers and potentially other system data. This information disclosure can be used to bypass unspecified protection mechanisms, such as gaining Signature or SignatureOrSystem access levels [1]. The impact is high as it can lead to privilege escalation and further compromise.

Mitigation

The fix was introduced in the Android Open Source Project (AOSP) via commit 85d253fab5e2c01bd90990667c6de25c282fc5cd [2]. The patch adds a permission check for android.permission.DUMP in the BufferQueueConsumer::dump method. Users should update to Android versions that include the April 2016 security update or later [1]. No workaround is available for unpatched devices.
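The difference between the unchecked and the permission-gated dump path described above, as an added example that is not the AOSP patch or any code from this advisory. `Caller`, `PermissionTable`, `ConsumerModel` and the sample pids, uids and buffer state are constructed stand-ins for the Binder caller identity, the platform permission lookup and the real consumer.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>

// Constructed stand-in for the Binder caller identity (pid/uid of the requester).
struct Caller { int pid; int uid; };

// Constructed permission table: uid -> permissions granted to that uid.
using PermissionTable = std::map<int, std::set<std::string>>;

static const char* const kDumpPermission = "android.permission.DUMP";

static bool holds(const PermissionTable& t, const Caller& c, const std::string& perm) {
    auto it = t.find(c.uid);
    return it != t.end() && it->second.count(perm) > 0;
}

// Hypothetical model of a consumer whose dump output exposes buffer-queue state.
class ConsumerModel {
public:
    explicit ConsumerModel(std::string state) : state_(std::move(state)) {}

    // Behaviour the advisory describes as vulnerable: any caller gets the state.
    std::string dumpUnchecked(const Caller&) const { return state_; }

    // Gated behaviour: state goes only to callers holding DUMP; everyone else
    // receives a denial line that contains no queue state at all.
    std::string dumpChecked(const PermissionTable& t, const Caller& c) const {
        if (!holds(t, c, kDumpPermission)) {
            return "Permission Denial: can't dump from pid=" + std::to_string(c.pid) +
                   ", uid=" + std::to_string(c.uid) + "\n";
        }
        return state_;
    }

private:
    std::string state_;
};

int main() {
    PermissionTable table;                        // constructed sample grants
    table[1000].insert(kDumpPermission);          // privileged caller
    table[10057].insert("android.permission.INTERNET");  // ordinary app
    ConsumerModel consumer("slot[0] handle=0x1234 1920x1080\n");
    std::cout << consumer.dumpChecked(table, Caller{412, 1000});
    std::cout << consumer.dumpChecked(table, Caller{9001, 10057});
    return 0;
}
```

The denial branch reports the caller's pid and uid, which gives log review a direct signal for unauthorized dump attempts.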

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Google/Android: 23 versions
    • cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
    • (no CPE) range: 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-04-01
