Improper Validation of Upstream Interface Names in Tethering Controller in netd

Improper Validation of Upstream Interface Names in Tethering Controller in netd

CVE-2016-2060 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.

Learn more about our Cis Benchmark Audit For Google Android.