CVE-2016-10486
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
18/04/2018
Last modified:
01/05/2018
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 820A, PD failure reason string from user PD is used directly in root PD, so if the buffer parameter is non-NULL terminated in Diag F3 APIs, a buffer overread occurs.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page