CVE-2016-10436
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, improper input validation infuse read request leads to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in reading fuse on Qualcomm SoCs allows memory corruption, leading to a denial of service or escalation of privilege.
Vulnerability
In Qualcomm SoCs and modules including FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20 used in Android devices, improper input validation in the fuse reading operation can lead to memory corruption. This vulnerability affects Android security patch levels before April 2018 [1].
Exploitation
An attacker with local system access can craft a malformed fuse read request that bypasses input validation, triggering memory corruption. The exact steps are not detailed in the references, but the corruption occurs during the handling of the read request within the kernel or firmware.
Impact
Successful exploitation may cause a denial of service (system crash or reboot) or potentially allow an attacker to escalate privileges and execute arbitrary code in a privileged context, depending on the memory corruption type.
Mitigation
Google released a security patch for the Android platform in the April 2018 Android Security Bulletin, which includes a fix for this issue [1]. Users should apply the April 2018 or later security patch level. For affected Qualcomm parts not covered by Android updates, follow Qualcomm's advisory or ensure the device is updated with the latest firmware.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <=2018-04-05
- Qualcomm, Inc./Small Cell SoC , Snapdragon Mobile, Snapdragon Wearv5Range: FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.