CVE-2016-10481

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue is related to errors in processing the WMI STA SMPS PARAM CMDID parameter in the Qualcomm WLAN component of the Android operating system. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The problem occurs when the WLAN FW receives the WMI STA SMPS PARAM CMDID ioctl in a not-associated state and the virtual channel handle is not assigned, leading to an assert due to the lack of a NULL check for the virtual channel handle.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting the use of WLAN functionality until a patch is available.