Login Sign Up

CVE-2016-10495

9.8 CRITICAL

📋 TL;DR

This vulnerability in Qualcomm Snapdragon MDM9635M chipsets allows out-of-bounds memory access due to improper bounds checking of scan type values. Attackers could potentially execute arbitrary code or cause denial of service on affected Android devices. This affects Android devices with Qualcomm Snapdragon MDM9635M chipsets before the April 2018 security patch.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon MDM9635M chipset
Versions: Android versions before April 2018 security patch (2018-04-05)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with specific Qualcomm chipset; not all Android devices are vulnerable.

📦 What is this software?

Mdm9635m Firmware by Qualcomm

View all CVEs affecting Mdm9635m Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Device crash/reboot (denial of service) or limited information disclosure from memory.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires proximity or network access to device, but no authentication needed.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or local network attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of Qualcomm chipset memory layout and wireless scanning functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check current security patch level in Settings > About phone > Android security patch level. 2. If before April 2018, install latest available system update. 3. Reboot device after update completes.

🔧 Temporary Workarounds

Disable unnecessary wireless features

all

Reduce attack surface by disabling Wi-Fi scanning, Bluetooth scanning, and location services when not needed.

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement strict app installation policies to prevent malicious apps

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone. If date is before 2018-04-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 2018-04-05 or later date.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panics
  • System crashes
  • Unexpected reboots
  • Memory access violation logs

Network Indicators:

  • Unusual wireless scanning patterns
  • Suspicious proximity-based attacks

SIEM Query:

Search for: 'kernel panic' OR 'segmentation fault' OR 'out of bounds' on affected Android devices

📊 Metadata

CVE ID: CVE-2016-10495
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-118
Published: April 18, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2016-10495, you might also want to check these:

CVE-2015-2000 9.8

This vulnerability in Jumio SDK for Android allows attackers to execute arbitrary code by exploiting...

Same vulnerability type (CWE-118)
CVE-2015-2002 9.8

This vulnerability in ESRI ArcGIS Runtime SDK for Android allows attackers to execute arbitrary code...

Same vulnerability type (CWE-118)
CVE-2015-2004 9.8

This vulnerability in GraceNote GNSDK SDK for Android allows attackers to execute arbitrary code by ...

Same vulnerability type (CWE-118)