CVE-2016-10439

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer dereference is being validated without promising the pointer hasn't been changed by the HLOS program.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Automobile, Snapdragon MobileSD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820Aaffected

Weaknesses

  • Time-of-check Time-of-use (TOCTOU) Race Condition in Core.

ADP Enrichment

CVE Program Container

Additional References

References