Improper Access Control in Qualcomm Snapdragon Products
CVE-2016-10422

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Small Cell Soc , Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
Vendor: CVE Published:; 18 April 2018

What is CVE-2016-10422?

An improper access control vulnerability exists in multiple Qualcomm Snapdragon platforms, affecting devices running Android prior to April 5, 2018. This vulnerability allows unauthorized access to system calls, potentially enabling malicious actors to exploit the security flaw. The affected products include a wide array of Snapdragon chipsets utilized in mobile and automotive applications, highlighting the crucial need for timely updates and security patches.

Affected Version(s)

Small Cell SoC , Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20

References

https://source.android.com/security/bulletin/2018-04-01

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Aug 16, 2017