First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Qualcomm Mdm9607 Firmware | ||
Qualcomm Mdm9607 | ||
Qualcomm Mdm9615 Firmware | ||
Qualcomm Mdm9615 | ||
Google Android | ||
Qualcomm Mdm9635m | ||
Qualcomm Mdm9640 Firmware | ||
Qualcomm Mdm9640 | ||
Qualcomm Sd 210 Firmware | ||
Qualcomm Sd 210 | ||
Qualcomm Sd 212 Firmware | ||
Qualcomm Sd 212 | ||
Qualcomm Sd 205 Firmware | ||
Qualcomm Sd 205 | ||
Qualcomm Sd 400 Firmware | ||
Qualcomm Sd 400 | ||
Qualcomm Sd 600 Firmware | ||
Qualcomm Sd 600 | ||
Qualcomm Sd 415 Firmware | ||
Qualcomm Sd 415 | ||
Qualcomm Sd 617 Firmware | ||
Qualcomm Sd 617 | ||
Qualcomm Sd 650 Firmware | ||
Qualcomm Sd 650 | ||
Qualcomm Sd 652 Firmware | ||
Qualcomm Sd 652 | ||
Qualcomm Sd 800 Firmware | ||
Qualcomm Sd 800 | ||
Google Android | ||
Qualcomm Sd 810 | ||
Qualcomm Sd 820 Firmware | ||
Qualcomm Sd 820 | ||
Qualcomm Sd 615 Firmware | ||
Qualcomm Sd 615 | ||
Qualcomm Sd 616 Firmware | ||
Qualcomm Sd 616 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-10479 is a vulnerability in Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820. An arbitrary length value from an incoming message to QMI Proxy can lead to a buffer overflow.
CVE-2016-10479 has a severity rating of 9.8 (critical).
CVE-2016-10479 affects Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820.
To fix CVE-2016-10479, update your Android device to the 2018-04-05 security patch level or later.
Yes, Qualcomm MDM9607 is affected by CVE-2016-10479.