CVE-2016-10473
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, in a supplementary services function, a buffer overflow can occur.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow vulnerability in Qualcomm's supplementary services function could allow local privilege escalation on multiple Snapdragon SoCs.
Vulnerability
A buffer overflow vulnerability exists in a supplementary services function on Qualcomm Snapdragon Mobile and Snapdragon Wear platforms. The affected chipsets include MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20. The bug is present in Android security patch levels before April 2018 [1].
Exploitation
An attacker needs local access to a vulnerable device. The buffer overflow can be triggered by sending crafted supplementary service messages to the affected function. No authentication is mentioned beyond local access; user interaction may be required depending on the specific service invoked [1].
Impact
Successful exploitation of this buffer overflow could allow an attacker to execute arbitrary code in the context of a privileged process, achieving local privilege escalation. The potential impacts include full compromise of device confidentiality, integrity, and availability [1].
Mitigation
The vulnerability is fixed in the Android security patch level of 2018-04-05 or later. Users are advised to apply the April 2018 security update from their device vendors. The update is included in the Android Security Bulletin for April 2018 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.