CVE-2016-10442Improper Access Control in INC Snapdragon Mobile

CWE-284Improper Access Control3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 62.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qualcomm INC Snapdragon MobileGoogle Android
Timeline
PublishedApr 18
Latest updateMay 14

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon_mobileMDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, MSM8952

🔴Vulnerability Details

1
GHSA
GHSA-3mj2-f6g2-rqg9: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM2022-05-14

📋Vendor Advisories

1
Android
CVE-2016-10442: Closed-source component2018-04-01