CVE-2016-10486

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue is caused by an error in processing the buffer parameter in the Qualcomm Diag F3 API. If the buffer parameter is non-NULL terminated in Diag F3 APIs, a buffer overread occurs. This can be exploited by a remote attacker to cause a buffer overflow.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting access to the Diag F3 API until a patch is available. Avoid using non-NULL terminated buffer parameters in the affected API until the issue is resolved.