CVE-2016-10455
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper initialization of ike_sa_handle_ptr in IPSEC leads to system denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Uninitialized kernel pointer in QCOM IPSEC IKE SA handling on Android leads to denial of service.
Vulnerability
An improper initialization vulnerability exists in the IPSEC subsystem of Qualcomm Snapdragon SoCs used in Android devices. The ike_sa_handle_ptr is not properly initialized, which can be triggered during Internet Key Exchange (IKE) Security Association (SA) handling. Affected chipsets include MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20. Android devices with security patches before April 5, 2018 are vulnerable [1].
Exploitation
An attacker within network proximity could craft a malicious IPSec IKE message that triggers use of the uninitialized pointer. No authentication is required, as the vulnerability resides in the kernel-level IPSEC handler that processes incoming IKE packets. The specific sequence involves sending a specially constructed IKE SA initialization request that causes the kernel to dereference the uninitialized ike_sa_handle_ptr [1].
Impact
Successful exploitation leads to a kernel crash or hang, resulting in a system denial of service. The memory corruption may also enable further exploitation, but the primary documented outcome is denial of service [1].
Mitigation
The vulnerability is fixed in the Android security patch level of 2018-04-05 or later. Users should apply the April 2018 Android Security Bulletin update provided by their device vendor [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <= 2018-04-05 security patch level
- Range: <= 2018-04-05 security patch level
- Range: <= 2018-04-05 security patch level
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.