First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, while processing smart card requests, a buffer overflow can occur.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Qualcomm Sd 210 Firmware | ||
Qualcomm Sd 210 | ||
Qualcomm Sd 212 Firmware | ||
Qualcomm Sd 212 | ||
Qualcomm Sd 205 Firmware | ||
Qualcomm Sd 205 | ||
Qualcomm Sd 400 Firmware | ||
Qualcomm Sd 400 | ||
Qualcomm Sd 430 Firmware | ||
Qualcomm Sd 430 | ||
Qualcomm Sd 615 Firmware | ||
Qualcomm Sd 615 | ||
Qualcomm Sd 616 Firmware | ||
Qualcomm Sd 616 | ||
Qualcomm Sd 415 Firmware | ||
Qualcomm Sd 415 | ||
Qualcomm Sd 617 Firmware | ||
Qualcomm Sd 617 | ||
Qualcomm Sd 625 Firmware | ||
Qualcomm Sd 625 | ||
Qualcomm Sd 650 Firmware | ||
Qualcomm Sd 650 | ||
Qualcomm Sd 652 Firmware | ||
Qualcomm Sd 652 | ||
Qualcomm Sd 800 Firmware | ||
Qualcomm Sd 800 | ||
Google Android | ||
Qualcomm Sd 808 | ||
Google Android | ||
Qualcomm Sd 810 | ||
Qualcomm Sd 820 Firmware | ||
Qualcomm Sd 820 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2016-10477 is critical with a severity score of 9.8.
The affected software for CVE-2016-10477 includes Android versions before 2018-04-05 or any earlier security patch level on Qualcomm Snapdragon Mobile SD 210, SD 212, SD 205, SD 400, SD 430, SD 615, SD 616, SD 415, SD 617, SD 625, SD 650, SD 652, SD 800, SD 808, SD 810, and SD 820.
CVE-2016-10477 occurs due to a buffer overflow while processing smart card requests.
To fix CVE-2016-10477, it is recommended to update to Android version 2018-04-05 or a later security patch level.
More information about CVE-2016-10477 can be found at the following references: [1](http://www.securityfocus.com/bid/103671), [2](https://source.android.com/security/bulletin/2018-04-01), [3](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).