High severity (CVSS 7.8) · NVD Advisory · Published Aug 16, 2017 · Updated May 13, 2026

CVE-2016-5863

Description

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing sanity checks in a Qualcomm ioctl handler lead to out-of-bounds accesses, exploitable to elevate privileges on Android devices.

Vulnerability

An ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android lacks several sanity checks. This vulnerability (CVE-2016-5863) allows out-of-bounds reads or writes. The affected versions include all builds of the Qualcomm kernel driver prior to the patch date (July 2017). The exact affected version ranges are not specified in the available references [1].

Exploitation

An attacker needs local access to the device and the ability to issue an ioctl call to the vulnerable Qualcomm driver. No authentication beyond the device user is required. Exploitation involves crafting an ioctl request whose parameters the handler fails to validate, because the sanity checks are missing, leading to out-of-bounds memory access [1].

Impact

Successful exploitation allows an attacker to read or write out-of-bounds memory, which can lead to escalation of privileges from a normal user to the kernel level (elevation of privilege). The exact scope of information disclosure or control is not detailed in the references, but the severity is rated High (CVSS 7.8) [1].

Mitigation

A fix was included in the Android Security Bulletin for July 2017. Users should update to the security patch level of 2017-07-01 or later. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
  • Qualcomm/MSM (llm-fuzzy)
  • Qualcomm, Inc./All Qualcomm products (v5)
    Range: Android for MSM, Firefox OS for MSM, QRD Android

Patches

0

No patches discovered yet.

References

3
