CVE-2016-10467

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1.
References
Link Resource
http://www.securityfocus.com/bid/103671 Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-18 14:29

Updated : 2024-02-28 16:25


NVD link : CVE-2016-10467

Mitre link : CVE-2016-10467

CVE.ORG link : CVE-2016-10467


JSON object : View

Products Affected

qualcomm

  • sd_212_firmware
  • sd_800_firmware
  • sd_210
  • sd_800
  • sd_205
  • sd_400
  • sd_808_firmware
  • sd_650_firmware
  • sd_210_firmware
  • sd_410
  • sd_615
  • sd_617
  • sd_400_firmware
  • sd_808
  • sd_616
  • sd_650
  • sd_652_firmware
  • sd_415_firmware
  • sd_412
  • sd_412_firmware
  • sd_410_firmware
  • sd_617_firmware
  • sd_652
  • sd_615_firmware
  • sd_616_firmware
  • sd_212
  • sd_820a_firmware
  • sd_205_firmware
  • sd_820_firmware
  • sd_820
  • sd_820a
  • sd_415
CWE
CWE-320

Key Management Errors