CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
23.3%
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain
privileges via a crafted application, aka internal bugs 20731946 and
20719651, a different vulnerability than CVE-2015-7717.
Author | Note |
---|---|
sbeattie | additional fix available in the latest binary drivers for Nexus devices (bug 20719651) 9ef830c6dbd4f6000b94abee3df14b9e27a38294 -> android 5-6 only, adds checks on binder calls first patch addresses mutliple crash issues related to threads in audio flinger |
jdstrand | Ubuntu does not use audio flinger |
android.googlesource.com/platform/frameworks/av/+/9ef830c6dbd4f6000b94abee3df14b9e27a38294%5E!/#F0
android.googlesource.com/platform/frameworks/av/+/b97ee930e4f7ed1587b869c92b4aa1dc90b641cc%5E!/#F0
groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4
launchpad.net/bugs/cve/CVE-2015-6596
nvd.nist.gov/vuln/detail/CVE-2015-6596
security-tracker.debian.org/tracker/CVE-2015-6596
www.cve.org/CVERecord?id=CVE-2015-6596