CVE-2016-10481

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
qualcommCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
qualcommmdm9607_firmware
-
qualcommmdm9635m_firmware
-
qualcommmdm9640_firmware
-
qualcommmdm9650_firmware
-
qualcommsd_210_firmware
-
qualcommsd_212_firmware
-
qualcommsd_205_firmware
-
qualcommsd_425_firmware
-
qualcommsd_600_firmware
-
qualcommsd_625_firmware
-
qualcommsd_650_firmware
-
qualcommsd_652_firmware
-
qualcommsd_808_firmware
-
qualcommsd_810_firmware
-
qualcommsd_820_firmware
-
qualcommsd_835_firmware
-
qualcommsd_845_firmware
-
qualcommsdx20_firmware
-
qualcommqca4531_firmware
-
qualcommqca6174a_firmware
-
qualcommqca6574au_firmware
-
qualcommqca6584_firmware
-
qualcommqca6584au_firmware
-
qualcommqca9377_firmware
-
qualcommqca9378_firmware
-
qualcommqca9379_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01