Buffer Overflow Vulnerability in Qualcomm Snapdragon Products
CVE-2016-10490

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Mdm9206 Firmware
Vendor: CVE Published:; 18 April 2018

What is CVE-2016-10490?

A buffer overflow vulnerability exists in various Qualcomm Snapdragon products due to improper handling of signed integers in the qurt_qdi_state_local_new_handle_from_obj function. If a negative value is passed as an argument, a typecasting occurs, leading to memory corruption and potential unauthorized access. This issue affects multiple Snapdragon versions across automobile, mobile, and wear devices prior to the April 2018 security patches.

References

https://source.android.com/security/bulletin/2018-04-01

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Aug 16, 2017