Elevation of Privilege Vulnerability in Synaptics Touchscreen Driver on Android Devices
CVE-2016-6743

7.8HIGH

Key Information:

Vendor: Google
Status: Android Kernel-3.10
Vendor: CVE Published:; 25 November 2016

Summary

A vulnerability exists in the Synaptics touchscreen driver for Android devices that allows local malicious applications to execute arbitrary code with kernel-level permissions. This flaw requires the initial compromise of a privileged process, giving attackers the potential to exploit it to gain elevated access. The affected Android versions are those released before November 5, 2016. Security updates have been issued to address this issue and protect devices from potential exploitation.

Affected Version(s)

Android Kernel-3.10 Android Kernel-3.10

References

http://www.securityfocus.com/bid/94131

vdb-entryx_refsource_BID

https://source.android.com/security/bulletin/2016-11-01.html

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2016
Vulnerability Reserved
Aug 11, 2016