Input Validation Vulnerability in Qualcomm Snapdragon Products
CVE-2016-10436

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Small Cell Soc , Snapdragon Mobile, Snapdragon Wear
Vendor: CVE Published:; 18 April 2018

Summary

This vulnerability exists in Qualcomm's Snapdragon products due to improper input validation, leading to potential memory corruption when handling read requests. Devices affected include various Qualcomm SoCs and mobile platforms that were not patched before April 5, 2018. Affected systems could be susceptible to security risks stemming from this oversight, potentially allowing malicious input to manipulate memory and execute unintended actions.

Affected Version(s)

Small Cell SoC , Snapdragon Mobile, Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SDX20

References

https://source.android.com/security/bulletin/2018-04-01

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Aug 16, 2017