PT-2018-4651 · Google+1 · Android+1

Published

2018-04-18

Updated

2018-05-01

CVE-2016-10406

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue concerns the printing of debug messages in certain Qualcomm Snapdragon Mobile processors. Specifically, when the wlan qmi err cb function is called, it prints the real kernel address of a pointer, regardless of the kptr restrict system settings. This could potentially expose sensitive information.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-10406

Affected Products

Android

Qualcomm Snapdragon Mobile

PT-2018-4651 · Google+1 · Android+1

CVE-2016-10406

Weakness Enumeration

Related Identifiers

Affected Products

References · 3