3 matches found
CVE-2016-2060
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a...
CVE-2016-2060
CVE-2016-2060 is a local privilege escalation in Qualcomm/netd tethering controls caused by inadequate validation of the upstream interface parameter. FireEye’s analysis and Qualcomm advisories describe that untrusted interface values can be passed through addUpstreamV6Interface to netd, which ul...
Exploiting CVE-2016-2060 on Qualcomm Devices
Mandiant’s Red Team recently discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. The...