CVE-2016-10458Improper Restriction of Operations within the Bounds of a Memory Buffer in INC Snapdragon Mobile

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.2%
top 57.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qualcomm INC Snapdragon MobileGoogle Android
Timeline
PublishedApr 18
Latest updateMay 14

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be to ensure that any users of qsee_log in the bootchain (before Linux boots) unallocate their buffers and clear the qsee_log pointer. Until support for t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon_mobileSD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016

🔴Vulnerability Details

1
GHSA
GHSA-cm44-x78v-rrf8: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD2022-05-14

📋Vendor Advisories

1
Android
CVE-2016-10458: Closed-source component2018-04-01