CVE-2016-10493

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05

Description The issue is caused by NPA routines on the rootPD that handle resource requests remoted over QDI, which may not validate pointers passed from user space, resulting in guest OS memory corruption. It can also be described as a buffer overflow vulnerability in the Qualcomm component of the Android operating system when processing requests through the QDI interface. This can allow a remote attacker to cause memory corruption using a specially crafted request.

Recommendations For Android versions prior to 2018-04-05, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.