9.3
CVSSv2

CVE-2016-10389

Published: 18/08/2017 Updated: 23/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.

Vulnerability Trend

Affected Products

Vendor Product Versions
GoogleAndroid*

Vendor Advisories

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices Security patch levels of July 05, 2017 or later address all of these issues Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level Partners were notified of the issues described in the bulletin at least ...

Github Repositories