1. Home
  2. CVE Database
  3. CVE-2016-10467
CRITICAL · 9.8

CVE-2016-10467

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 80...

Vulnerability Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommSd 210 Firmware-
QualcommSd 210-
QualcommSd 212 Firmware-
QualcommSd 212-
QualcommSd 205 Firmware-
QualcommSd 205-
QualcommSd 400 Firmware-
QualcommSd 400-
QualcommSd 410 Firmware-
QualcommSd 410-
QualcommSd 412 Firmware-
QualcommSd 412-
QualcommSd 615 Firmware-
QualcommSd 615-
QualcommSd 616 Firmware-
QualcommSd 616-
QualcommSd 415 Firmware-
QualcommSd 415-
QualcommSd 617 Firmware-
QualcommSd 617-

Related Weaknesses (CWE)

CWE-320

References

FAQ

What is CVE-2016-10467?

CVE-2016-10467 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 80...

How severe is CVE-2016-10467?

CVE-2016-10467 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-10467?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Sd 210 Firmware, Qualcomm Sd 210, Qualcomm Sd 212 Firmware, Qualcomm Sd 212, Qualcomm Sd 205 Firmware.