Unrated severityNVD Advisory· Published Apr 18, 2018· Updated Sep 17, 2024

CVE-2016-10435

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, in some QTEE syscall handlers, a TOCTOU vulnerability exists.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A TOCTOU vulnerability in QTEE syscall handlers on Qualcomm chipsets could allow privilege escalation.

Vulnerability

A time-of-check time-of-use (TOCTOU) vulnerability exists in QTEE syscall handlers on Qualcomm Snapdragon Automobile, Mobile, and Wear platforms, including MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A. The issue affects Android before the 2018-04-05 security patch level [1]. The TOCTOU flaw allows a race condition between a check and use of a resource within a syscall handler.

Exploitation

An attacker with local access or the ability to run malicious code on the device could exploit the race window in a QTEE syscall handler. Successful exploitation requires precise timing to manipulate the resource between the check and use [1].

Impact

If exploited, the attacker could achieve privilege escalation within the Qualcomm Trusted Execution Environment (QTEE), potentially gaining elevated privileges that could lead to further compromise of the device's security.

Mitigation

This vulnerability is fixed in the Android security patch level dated 2018-04-05 or later. Users should ensure their devices receive and apply this update. No workaround is available [1].

References

Android Security Bulletin—April 2018

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Qualcomm/Snapdragon Mobilellm-fuzzy
Qualcomm/Snapdragon Automobilellm-fuzzy
Qualcomm/Snapdragon Wearllm-fuzzy
Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5
Range: MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000