Information Disclosure Vulnerability in Android Bootloader by Google
CVE-2016-8461

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Android Kernel-3.18
Vendor: CVE Published:; 12 January 2017

What is CVE-2016-8461?

An information disclosure vulnerability exists in the bootloader of Android, potentially allowing a local attacker to access sensitive data that should be out of reach. By exploiting this flaw, unauthorized users could elevate their permissions and compromise the confidentiality of critical information. This issue highlights the importance of maintaining secure boot processes and monitoring access rights to prevent unintended data exposure.

Affected Version(s)

Android Kernel-3.18 Android Kernel-3.18

References

https://source.android.com/security/bulletin/2017-01-01.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95237

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2017
Vulnerability Reserved
Oct 5, 2016

Linux

What is CVE-2016-8461?

Affected Version(s)

References

CVSS V3.1

Timeline