CVE-2016-10449Critical
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Share link
Anyone with the link can open this vulnerability.
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, M…
CVSS
9.8
Critical
EPSS
0.01
p70
Published
2016-01-01
Updated
2016-01-01
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, and SD 835, in a GNSS API function, a NULL pointer dereference can occur.
Tags · CWE
Pre-auth
CWE-476
CWE-476BaseStable
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://cwe.mitre.org/data/definitions/476.html →Open in CWE collection →Affected products
Mdm9206_firmwareMdm9607_firmwareMdm9640_firmwareMdm9650_firmwareMsm8909w_firmwareSd_205_firmwareSd_210_firmwareSd_212_firmwareSd_400_firmwareSd_410_firmwareSd_412_firmwareSd_415_firmwareSd_425_firmwareSd_430_firmwareSd_450_firmwareSd_615_firmwareSd_616_firmwareSd_625_firmwareSd_650_firmwareSd_652_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2016-01-01
Published
2016-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.015 · p70
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| mdm9206_firmware | * | Tracked |
| mdm9607_firmware | * | Tracked |
| mdm9640_firmware | * | Tracked |
| mdm9650_firmware | * | Tracked |
| msm8909w_firmware | * | Tracked |
| sd_205_firmware | * | Tracked |
| sd_210_firmware | * | Tracked |
| sd_212_firmware | * | Tracked |
| sd_400_firmware | * | Tracked |
| sd_410_firmware | * | Tracked |
| sd_412_firmware | * | Tracked |
| sd_415_firmware | * | Tracked |
| sd_425_firmware | * | Tracked |
| sd_430_firmware | * | Tracked |
| sd_450_firmware | * | Tracked |
| sd_615_firmware | * | Tracked |
| sd_616_firmware | * | Tracked |
| sd_625_firmware | * | Tracked |
| sd_650_firmware | * | Tracked |
| sd_652_firmware | * | Tracked |
Showing first 20 of 24
Source databases
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Related vulnerabilities