First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9206 firmware | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
Qualcomm MDM9615M Firmware | ||
Qualcomm MDM9615 firmware | ||
Qualcomm MDM9625M | ||
Qualcomm MDM9625 firmware | ||
Qualcomm MDM9635M firmware | ||
Qualcomm MDM9635M firmware | ||
Qualcomm MDM9645 | ||
Qualcomm MDM9645 | ||
Qualcomm MDM9650 | ||
Qualcomm MDM9650 firmware | ||
Qualcomm MDM9655 firmware | ||
Qualcomm MDM9655 firmware | ||
Qualcomm SD210 Firmware | ||
Qualcomm SD 210 Firmware | ||
Qualcomm SD 212 | ||
Qualcomm SD 212 Firmware | ||
Qualcomm 205 Firmware | ||
Qualcomm SD205 Firmware | ||
Qualcomm SD 400 Firmware | ||
Qualcomm Snapdragon 400 | ||
Qualcomm SD410 Firmware | ||
Qualcomm Snapdragon 410 | ||
Qualcomm SD412 Firmware | ||
Qualcomm SD412 | ||
Qualcomm SDR425 Firmware | ||
Qualcomm Snapdragon 425 | ||
Qualcomm SD 430 Firmware | ||
Qualcomm SD 430 Firmware | ||
Qualcomm SDM450 Firmware | ||
Qualcomm SDM450 | ||
Qualcomm SD615 Firmware | ||
Qualcomm Snapdragon 615 | ||
Qualcomm SD 616 Firmware | ||
Qualcomm Snapdragon 616 | ||
Qualcomm Snapdragon 415 Firmware | ||
Qualcomm Snapdragon 415 | ||
Qualcomm SD617 Firmware | ||
Qualcomm QCA617 | ||
Qualcomm SD 625 Firmware | ||
Qualcomm Snapdragon 625 | ||
Qualcomm SD650 Firmware | ||
Qualcomm Snapdragon 650 | ||
Qualcomm SD652 Firmware | ||
Qualcomm SD652 Firmware | ||
Qualcomm SD427 Firmware | ||
Qualcomm SD 427 firmware | ||
qualcomm sd435 firmware | ||
Qualcomm Snapdragon 435 | ||
Qualcomm Snapdragon 810 Firmware | ||
Qualcomm Snapdragon 810 | ||
Qualcomm SDM630 | ||
Qualcomm SDM630 Firmware | ||
Qualcomm SD 636 Firmware | ||
Qualcomm SDM636 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2016-10498 is critical with a CVSS score of 9.8.
The affected software for CVE-2016-10498 includes Android versions before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon.
To mitigate the vulnerability, it is recommended to update to the latest security patch level for Android or apply the necessary security updates provided by the device manufacturer.
More information about CVE-2016-10498 can be found at the following references: [SecurityFocus](http://www.securityfocus.com/bid/103671), [Android Security Bulletin](https://source.android.com/security/bulletin/2018-04-01), and [Android Security Bulletin 2018-04-01](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).
The Common Weakness Enumeration (CWE) for CVE-2016-10498 is CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').