CVE-2016-10472

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue is related to an error in access control when processing the TZ INFO GET SECURE STATE LEGACY ID command in the Android operating system. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises because the address and size passed to the TZ INFO GET SECURE STATE LEGACY ID command from the HLOS Kernel were not being checked, leading to access outside DDR.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting access to the TZ INFO GET SECURE STATE LEGACY ID command to minimize the risk of exploitation.