CVE-2015-8888
Publication date 11 July 2016
Last updated 25 August 2025
Ubuntu priority
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-armadaxp | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-omap | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-shared | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-linaro-vexpress | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-quantal | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-raring | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-saucy | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty |
Not affected
|
|
| linux-qcm-msm | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| linux-ti-omap4 | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-flo | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-maguro | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-mako | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| linux-manta | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
Notes
mdeslaur
this is in the kernel that runs in trustzone on Qualcomm devices not the linux kernel.
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |