Vulnerability Description
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9650 Firmware | - |
| Qualcomm | Mdm9650 | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
| Qualcomm | Sd 212 Firmware | - |
| Qualcomm | Sd 212 | - |
| Qualcomm | Sd 205 Firmware | - |
| Qualcomm | Sd 205 | - |
| Qualcomm | Sd 835 Firmware | - |
| Qualcomm | Sd 835 | - |
| Qualcomm | Sda660 Firmware | - |
| Qualcomm | Sda660 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105838Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2018-11-01#qualcomm-componentsThird Party Advisory
- http://www.securityfocus.com/bid/105838Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2018-11-01#qualcomm-componentsThird Party Advisory
FAQ
What is CVE-2016-10502?
CVE-2016-10502 is a vulnerability with a CVSS score of 9.8 (CRITICAL). While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650...
How severe is CVE-2016-10502?
CVE-2016-10502 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10502?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9206 Firmware, Qualcomm Mdm9206, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Mdm9650 Firmware.