CVE-2016-10462 : In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdra

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources.

Published 2018-04-18 14:29:13

Updated 2018-05-01 16:54:48

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2016-10462

Qualcomm » Sd 410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 410 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 615 » Version: N/A
Qualcomm » Sd 415 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 415 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 845 » Version: N/A
Qualcomm » Sd 412 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 412 » Version: N/A
Qualcomm » Sd 616 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 616 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Sd 808 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 808 » Version: N/A
Qualcomm » Sd 810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 810 » Version: N/A
Qualcomm » Sd 850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 850 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sd 427 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 427 » Version: N/A
Qualcomm » Sd 435 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 435 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm636 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-10462

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-10462

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-10462

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10462

https://source.android.com/security/bulletin/2018-04-01

Android Security Bulletin—April 2018 | Android Open Source Project
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/103671

Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-10462

Products affected by CVE-2016-10462

Exploit prediction scoring system (EPSS) score for CVE-2016-10462

CVSS scores for CVE-2016-10462

CWE ids for CVE-2016-10462

References for CVE-2016-10462