Vulnerability Name: CVE-2016-10445 (CCN-142763) Assigned: 2017-08-16 Published: 2018-04-04 Updated: 2018-05-01 Summary: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, input is not properly validated in a QTEE API function. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2016-10445 103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities Android android-cve201610445-unspecified(142763) Android Security Bulletin—April 2018 https://source.android.com/security/bulletin/2018-04-01 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm636:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_850:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* BACK
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 615 firmware -
qualcomm sd 615 -
qualcomm sd 616 firmware -
qualcomm sd 616 -
qualcomm sd 415 firmware -
qualcomm sd 415 -
qualcomm sd 435 firmware -
qualcomm sd 435 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 427 firmware -
qualcomm sd 427 -
qualcomm sdm630 firmware -
qualcomm sdm630 -
qualcomm sd 820a firmware -
qualcomm sd 820a -
qualcomm sd 820 firmware -
qualcomm sd 820 -
qualcomm sd 835 firmware -
qualcomm sd 835 -
qualcomm sd 845 firmware -
qualcomm sd 845 -
qualcomm sdm636 firmware -
qualcomm sdm636 -
qualcomm sd 850 firmware -
qualcomm sd 850 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
google android *
Denotes that component is vulnerable