Chipsets.org

Vulnerability

CVE-2016-10458

Component: BOOT

Location: OS

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, and Snapdragon_High_Med_2016, the 'proper' solution for this will be to ensure that any users of qsee_log in the bootchain (before Linux boots) unallocate their buffers and clear the qsee_log pointer. Until support for that is implemented in TZ and the bootloader, enable tz_log to avoid potential scribbling. This solution will prevent the linux kernel memory corruption.

Impact

Severity (Manufact.)

N/A

Severity (NIST)

9.8

Severity (Android)

N/A

Chipsets

Devices

153

Affected Hardware

Name	Also known as	Manufacturer
SDM630	Snapdragon 630	Qualcomm
SDM636	Snapdragon 636	Qualcomm
SDM660	Snapdragon 660	Qualcomm

3 of 3 row(s) shown.

Rows per page

Page 1 of 1

Information reliability

The information on this website is intended to provide information on the big picture of chipset security and measure trends within the industry. Our information is obtained from several vantage points, checked for consistency, and automatically cross-referenced. However, this process may not always yield reliable information. Do not use the information on a particular vulnerability, chipset or device to verify your individual exposure in cases where inaccuracies are inacceptable, for instance to assess risks if you are a Politically Exposed Person.

Timeline

Introduced (est):

Apr 1, 2017

Reported:

Unknown

Advisory Published:

N/A

CVE Published:

Apr 18, 2018

Android Patch Level:

None