CVE-2016-10416 Information

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206 MDM9607 MDM9615 MDM9625 MDM9635M MDM9640 MDM9645 MSM8909W SD 210/SD 212/SD 205 SD 400 SD 410/12 SD 425 SD 430 SD 450 SD 600 SD 615/16/SD 415 SD 617 SD 625 SD 650/52 SD 800 SD 808 SD 810 and SD 820 UE crash is seen due to IPCMem exhaustion when UDP data is pumped to UE’s ULP (UserPlane Location protocol) UDP port 7275.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5