CVE-2016-10474

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850

Description The issue is caused by a buffer overflow in the Qualcomm component of the Android operating system. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information using the RIL interface. The buffer size calculation may overflow if the buffer length passed to the RIL interface is too large, resulting in an undersize allocation for the buffer and subsequently a buffer overwrite.

Recommendations For Android versions prior to 2018-04-05 security patch level on the specified Qualcomm Snapdragon platforms, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting access to the RIL interface until a patch is available.