Bug 1868218 (CVE-2016-2066)

Summary: CVE-2016-2066 kernel: integer signedness error in the MSM QDSP6 audio driver
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: acaringi, airlied, bhu, blc, bmasney, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, ptalbert, qzhao, rt-maint, rvrbovsk, steved, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-12 15:23:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1868220    
Bug Blocks: 1868219    

Description Dhananjay Arunesh 2020-08-12 03:13:27 UTC 
Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.


References:
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=775fca8289eff931f91ff6e8c36cf2034ba59e88
Comment 1 Dhananjay Arunesh 2020-08-12 03:15:28 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1868220]
Comment 2 Justin M. Forbes 2020-08-12 13:43:14 UTC 
Another Android only bug in a driver which does not exist upstream.