CVE-2016-10479

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level Qualcomm Snapdragon Mobile versions (including MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820)

Description The issue is caused by an out-of-bounds write in the stack variable message due to an arbitrary length value from an incoming message to QMI Proxy. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information using a specially crafted message.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later. For Qualcomm Snapdragon Mobile, consider disabling the QMI Proxy component until a patch is available. Restrict access to the QMI Proxy module to minimize the risk of exploitation.