CVE-2016-10462
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improperly configured Access Control policy in multiple Qualcomm SoCs allows HLOS to access Slimbus, GPU, and GIC resources.
Vulnerability
In Android before the 2018-04-05 security patch level, an improperly configured Access Control policy in multiple Qualcomm Snapdragon SoCs (SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016) grants the HLOS (High-Level Operating System) access to Slimbus, GPU, and GIC resources [1]. The affected Android build is prior to the April 2018 security patch level [1].
Exploitation
An attacker with local execution capability on the device can exploit this misconfigured policy to gain unauthorized access to Slimbus, GPU, and GIC resources. No additional permissions or privileges are required beyond the ability to execute code within the HLOS environment [1].
Impact
Successful exploitation allows an attacker to access sensitive resources (Slimbus, GPU, GIC) that should be restricted, potentially leading to information disclosure, denial of service, or privilege escalation from the HLOS context [1]. The full scope of compromise depends on the specific resource accessed, but at a minimum it violates the intended isolation between the HLOS and lower-level hardware components.
Mitigation
The issue is fixed in the Android April 2018 security patch level [1]. Devices that have received the 2018-04-05 or later security patch are no longer vulnerable. Users should ensure their device security patch level is updated to April 2018 or later [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <=2018-04-05
- Range: <=2018-04-05
- Range: <=2018-04-05
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobilev5Range: SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.