Note:
This project will be discontinued after December 13, 2021. [more]
2016-08-06
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
| Products | Android, Linux_kernel |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://source.android.com/security/bulletin/2016-08-01.html
• http://www.securityfocus.com/bid/92222 • https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e |