Variable-length arrays in Qualcomm camera driver on Android devices allow privilege escalation via crafted applications

Variable-length arrays in Qualcomm camera driver on Android devices allow privilege escalation via crafted applications

CVE-2016-3934 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704.

Learn more about our Cis Benchmark Audit For Google Android.