Lucene search

QualcommCVE-2016-10442

HistoryApr 18, 2018 - 2:29 p.m.

CVE-2016-10442

2018-04-1814:29:11

CWE-284

qualcomm

web.nvd.nist.gov

cve-2016-10442

android

qualcomm snapdragon

memory write

access control

security patch

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code.

Affected configurations

Nvd

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmsm8976_firmwareMatch-

AND

qualcommmsm8976Match-

Node

qualcommmsm8937_firmwareMatch-

AND

qualcommmsm8937Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommmsm8976_firmwareMatch-

AND

qualcommmsm8976Match-

Node

qualcommmsm8952_firmwareMatch-

AND

qualcommmsm8952Match-

VendorProductVersionCPE
qualcommmdm9640_firmware-cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
qualcommmdm9640-cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
qualcommsdm630_firmware-cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
qualcommsdm630-cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*
qualcommmdm9650_firmware-cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
qualcommmdm9650-cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
qualcommmsm8976_firmware-cpe:2.3:o:qualcomm:msm8976_firmware:-:*:*:*:*:*:*:*
qualcommmsm8976-cpe:2.3:h:qualcomm:msm8976:-:*:*:*:*:*:*:*
qualcommmsm8937_firmware-cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
qualcommmsm8937-cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9640_firmware	-	cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::*
qualcomm	mdm9640	-	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
qualcomm	sdm630_firmware	-	cpe:2.3:o:qualcomm:sdm630_firmware:-:::::::*
qualcomm	sdm630	-	cpe:2.3:h:qualcomm:sdm630:-:::::::*
qualcomm	mdm9650_firmware	-	cpe:2.3:o:qualcomm:mdm9650_firmware:-:::::::*
qualcomm	mdm9650	-	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
qualcomm	msm8976_firmware	-	cpe:2.3:o:qualcomm:msm8976_firmware:-:::::::*
qualcomm	msm8976	-	cpe:2.3:h:qualcomm:msm8976:-:::::::*
qualcomm	msm8937_firmware	-	cpe:2.3:o:qualcomm:msm8937_firmware:-:::::::*
qualcomm	msm8937	-	cpe:2.3:h:qualcomm:msm8937:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, MSM8952"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103671

source.android.com/security/bulletin/2018-04-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

Related for CVE-2016-10442