PT-2018-4652 · Qualcomm+1 · Qualcomm Snapdragon Mobile+2

Publicado

2018-04-18

Atualizado

2018-05-01

CVE-2016-10409

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description A Time-of-Check-to-Time-of-Use (TOCTOU) issue may occur in Android while composing the RPMB request using HLOS controlled buffers, potentially affecting devices with Qualcomm Snapdragon Automobile and various Snapdragon Mobile processors.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2016-10409

Produtos afetados

Android

Qualcomm Snapdragon Mobile

Snapdragon Mobile

PT-2018-4652 · Qualcomm+1 · Qualcomm Snapdragon Mobile+2

CVE-2016-10409

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3