Privilege Escalation via Large Size in Qualcomm USB Driver

CVE-2016-2502 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.

Learn more about our Cis Benchmark Audit For Google Android.