Vulnerability Details CVE-2016-10439
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
Products affected by CVE-2016-10439
-
cpe:2.3:h:qualcomm:sd_425:-
-
cpe:2.3:h:qualcomm:sd_430:-
-
cpe:2.3:h:qualcomm:sd_450:-
-
cpe:2.3:h:qualcomm:sd_625:-
-
cpe:2.3:h:qualcomm:sd_650:-
-
cpe:2.3:h:qualcomm:sd_652:-
-
cpe:2.3:h:qualcomm:sd_820:-
-
cpe:2.3:h:qualcomm:sd_820a:-
-
cpe:2.3:o:qualcomm:sd_425_firmware:-
-
cpe:2.3:o:qualcomm:sd_430_firmware:-
-
cpe:2.3:o:qualcomm:sd_450_firmware:-
-
cpe:2.3:o:qualcomm:sd_625_firmware:-
-
cpe:2.3:o:qualcomm:sd_650_firmware:-
-
cpe:2.3:o:qualcomm:sd_652_firmware:-
-
cpe:2.3:o:qualcomm:sd_820_firmware:-
-
cpe:2.3:o:qualcomm:sd_820a_firmware:-