Sign-up

ID

VAR-201603-0024


CVE

CVE-2016-0819


TITLE

Android of Qualcomm Privileged vulnerability in performance component

Trust: 0.8

sources: JVNDB: JVNDB-2016-001796

DESCRIPTION

The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. Android of Qualcomm The performance component contains a privileged vulnerability. Vendors have confirmed this vulnerability Bug 25364034 It is released as.An attacker could gain privileges through a crafted application. GoogleNexus is a series of smart devices based on the Android operating system, including mobile phones and tablets. The smart device is powered by Google and licensed to partner hardware vendors for manufacturing. Qualcommperformance is one of the Qualcomm performance components. A local attacker can exploit this vulnerability to execute arbitrary code in the kernel

Trust: 2.25

sources: NVD: CVE-2016-0819 // JVNDB: JVNDB-2016-001796 // CNVD: CNVD-2016-01692 // VULMON: CVE-2016-0819

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01692

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:4.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.2.1

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.0.3

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.0.4

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.0.1

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.1.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.0.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.2.2

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.0

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:4.1

Trust: 1.6

vendor:googlemodel:androidscope:eqversion:6.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.4

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.0.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.1.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.1.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.3

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.4.2

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.4.3

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.4.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:4.3.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.0.2

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:5.1.1 lmy49h

Trust: 0.8

vendor:googlemodel:androidscope:ltversion:5.x

Trust: 0.8

vendor:googlemodel:androidscope:ltversion:2016-03-01 earlier 6.x

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:4.4.4

Trust: 0.8

vendor:googlemodel:androidscope:ltversion:4.x

Trust: 0.8

vendor:googlemodel:nexus <builds lmy49hscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-01692 // JVNDB: JVNDB-2016-001796 // CNNVD: CNNVD-201603-131 // NVD: CVE-2016-0819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0819
value: HIGH

Trust: 1.0

NVD: CVE-2016-0819
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-01692
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201603-131
value: CRITICAL

Trust: 0.6

VULMON: CVE-2016-0819
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0819
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-01692
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-0819
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-01692 // VULMON: CVE-2016-0819 // JVNDB: JVNDB-2016-001796 // CNNVD: CNNVD-201603-131 // NVD: CVE-2016-0819

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-001796 // NVD: CVE-2016-0819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-131

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201603-131

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001796

PATCH
title:Nexus Security Bulletin - March 2016url:http://source.android.com/security/bulletin/2016-03-01.html
Trust: 0.8
title:Patch for GoogleNexusQualcommperformance component privilege vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/72542
Trust: 0.6
title:Android Qualcomm performance Fixing measures for component privilege vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60491
Trust: 0.6
title:Android Security Bulletins: Nexus Security Bulletin - March 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=bdec4bc902496de72a50f4fbaa9a726a
Trust: 0.1
title:Linux-Kernel-exploiturl:https://github.com/skbasava/Linux-Kernel-exploit 
Trust: 0.1
title:kernel-exploitation-linuxurl:https://github.com/Technoashofficial/kernel-exploitation-linux 
Trust: 0.1
title:linux-kernel-exploitationurl:https://github.com/s0wr0b1ndef/linux-kernel-exploitation 
Trust: 0.1
title:linux-kernel-exploitationurl:https://github.com/vahalen/linux-kernel-exploitation 
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2016/03/16/trend_qualcomm_snapdragon_android/
Trust: 0.1
title:Threatposturl:https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01692 // 
            
            
            
            VULMON: CVE-2016-0819 // 
            
            
            
            JVNDB: JVNDB-2016-001796 // 
            
            
            
            CNNVD: CNNVD-201603-131

EXTERNAL IDS
db:NVDid:CVE-2016-0819
Trust: 3.1
db:BIDid:84250
Trust: 1.1
db:JVNDBid:JVNDB-2016-001796
Trust: 0.8
db:CNVDid:CNVD-2016-01692
Trust: 0.6
db:CNNVDid:CNNVD-201603-131
Trust: 0.6
db:VULMONid:CVE-2016-0819
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01692 // 
            
            
            
            VULMON: CVE-2016-0819 // 
            
            
            
            JVNDB: JVNDB-2016-001796 // 
            
            
            
            CNNVD: CNNVD-201603-131 // 
            
            
            
            NVD: CVE-2016-0819

REFERENCES
url:http://blog.trendmicro.com/trendlabs-security-intelligence/android-vulnerabilities-allow-easy-root-access/
Trust: 1.2
url:https://source.android.com/security/bulletin/2016-03-01.html#security_vulnerability_summary
Trust: 1.2
url:http://source.android.com/security/bulletin/2016-03-01.html
Trust: 1.2
url:http://www.securityfocus.com/bid/84250
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0819
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0819
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.theregister.co.uk/2016/03/16/trend_qualcomm_snapdragon_android/
Trust: 0.1
url:https://threatpost.com/google-fixes-critical-android-mediaserver-bugs-again/116614/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01692 // 
            
            
            
            VULMON: CVE-2016-0819 // 
            
            
            
            JVNDB: JVNDB-2016-001796 // 
            
            
            
            CNNVD: CNNVD-201603-131 // 
            
            
            
            NVD: CVE-2016-0819

SOURCES
db:CNVDid:CNVD-2016-01692
db:VULMONid:CVE-2016-0819
db:JVNDBid:JVNDB-2016-001796
db:CNNVDid:CNNVD-201603-131
db:NVDid:CVE-2016-0819

LAST UPDATE DATE
2025-04-13T23:26:39.382000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01692date:2016-03-16T00:00:00
db:VULMONid:CVE-2016-0819date:2016-11-28T00:00:00
db:JVNDBid:JVNDB-2016-001796date:2016-03-22T00:00:00
db:CNNVDid:CNNVD-201603-131date:2016-03-14T00:00:00
db:NVDid:CVE-2016-0819date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01692date:2016-03-16T00:00:00
db:VULMONid:CVE-2016-0819date:2016-03-12T00:00:00
db:JVNDBid:JVNDB-2016-001796date:2016-03-22T00:00:00
db:CNNVDid:CNNVD-201603-131date:2016-03-10T00:00:00
db:NVDid:CVE-2016-0819date:2016-03-12T21:59:03.853