CVE-2016-3859

Vulnerability

The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices contains a flaw that allows privilege escalation. The vulnerability resides in the camera driver's interaction with the Linux kernel, where a crafted application can trigger an unspecified issue (Android internal bug 28815326, Qualcomm CR1034641). Affected versions include all Android builds prior to the September 2016 security patch level. [1]

Exploitation

An attacker needs to install a malicious application on the device. No additional privileges or user interaction beyond installation are required. The crafted application can then send crafted inputs through the camera driver interface, exploiting the vulnerability to execute arbitrary code in the kernel context. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary code within the kernel, gaining complete control of the device. This includes the ability to read, modify, or delete any data, install additional software, and bypass security mechanisms such as SELinux policies. The attack achieves the highest privilege level on the device (kernel-level). [1]

Mitigation

The fix is included in the Android security update released on 2016-09-01, part of the September 2016 security patch level. Users should ensure their device has received this update. No workarounds are documented. Devices that have reached end-of-life may not receive the patch. The vulnerability is not known to be listed in CISA KEV. [1]