CVE-2016-10380

Name of the Vulnerable Software and Affected Versions Android versions (affected versions not specified) Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified)

Description The issue is related to errors in positioning and can be exploited by a remote attacker to compromise the confidentiality, integrity, and availability of protected information. This is achieved when the UE engine sends unprotected MeasurementReports, which reveal the location of the UE engine.

Recommendations For Android, update the operating system to a version that includes the fix for this issue, if available. For Qualcomm products with Android releases from CAF using the Linux kernel, consider restricting access to sensitive location data until a patch is available. As a temporary workaround, consider disabling the feature that sends MeasurementReports until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.