Vulnerabilities > CVE-2016-10446 - Configuration vulnerability in Qualcomm products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qualcomm

CWE-16

NVD

Published: 2018-04-18

Updated: 2018-05-01

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 820 Firmware - Qualcomm SD 835 Firmware - Qualcomm SD 820A Firmware -	8
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9650 - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 820 - Qualcomm SD 835 - Qualcomm SD 820A -	8

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References