Lucene search

Ubuntu.comUB:CVE-2015-6596

HistoryOct 06, 2015 - 12:00 a.m.

CVE-2015-6596

2015-10-0600:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

23.3%

JSON

mediaserver in Android before 5.1.1 LMY48T allows attackers to gain
privileges via a crafted application, aka internal bugs 20731946 and
20719651, a different vulnerability than CVE-2015-7717.

Notes

Author	Note
sbeattie	additional fix available in the latest binary drivers for Nexus devices (bug 20719651) 9ef830c6dbd4f6000b94abee3df14b9e27a38294 -> android 5-6 only, adds checks on binder calls first patch addresses mutliple crash issues related to threads in audio flinger
jdstrand	Ubuntu does not use audio flinger

References

android.googlesource.com/platform/frameworks/av/+/9ef830c6dbd4f6000b94abee3df14b9e27a38294%5E!/#F0

android.googlesource.com/platform/frameworks/av/+/b97ee930e4f7ed1587b869c92b4aa1dc90b641cc%5E!/#F0

groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4

launchpad.net/bugs/cve/CVE-2015-6596

nvd.nist.gov/vuln/detail/CVE-2015-6596

security-tracker.debian.org/tracker/CVE-2015-6596

www.cve.org/CVERecord?id=CVE-2015-6596

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

23.3%

JSON

Related for UB:CVE-2015-6596