Stack-Based Buffer Overflow in Qualcomm's Snapdragon Products
CVE-2016-10450

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Small Cell Soc, Snapdragon Mobile, Snapdragon Wear
Vendor: CVE Published:; 18 April 2018

Summary

A potential stack-based buffer overflow vulnerability exists in the thermal service of various Qualcomm Snapdragon products prior to the security patch in April 2018. Exploitation of this weakness could allow an attacker to execute arbitrary code with elevated privileges, potentially leading to full system compromise. This vulnerability affects multiple models within the Snapdragon family, posing a significant risk to device security.

Affected Version(s)

Small Cell SoC, Snapdragon Mobile, Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20

References

https://source.android.com/security/bulletin/2018-04-01

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Aug 16, 2017