Vulnerability CVE-2016-10481


Published: 2018-04-18

Description:
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.

Type:

CWE-17

(Code)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Qualcomm -> Mdm9607 firmware 
Qualcomm -> Sd 600 firmware 
Qualcomm -> Mdm9635m firmware 
Qualcomm -> Sd 625 firmware 
Qualcomm -> Mdm9640 firmware 
Qualcomm -> Sd 650 firmware 
Qualcomm -> Mdm9650 firmware 
Qualcomm -> Sd 652 firmware 
Qualcomm -> Qca4531 firmware 
Qualcomm -> Sd 808 firmware 
Qualcomm -> Qca6174a firmware 
Qualcomm -> Sd 810 firmware 
Qualcomm -> Qca6574au firmware 
Qualcomm -> Sd 820 firmware 
Qualcomm -> Qca6584 firmware 
Qualcomm -> Sd 835 firmware 
Qualcomm -> Qca6584au firmware 
Qualcomm -> Sd 845 firmware 
Qualcomm -> Qca9377 firmware 
Qualcomm -> Sdx20 firmware 
Qualcomm -> Qca9378 firmware 
Qualcomm -> Qca9379 firmware 
Qualcomm -> Sd 205 firmware 
Qualcomm -> Sd 210 firmware 
Qualcomm -> Sd 212 firmware 
Qualcomm -> Sd 425 firmware 

 References:
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01

Copyright 2020, cxsecurity.com

 

Back to Top