CVE-2016-10434 - OpenCVE

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Sd 820 Sd 820 Firmware Sd 820a Sd 820a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2018-04-18T14:00:00Z

Updated: 2024-09-16T23:55:53.970Z

Reserved: 2017-08-16T00:00:00

Link: CVE-2016-10434

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-04-18T14:29:11.167

Modified: 2018-05-01T17:17:27.130

Link: CVE-2016-10434

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Snapdragon Automobile, Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "SD 820, SD 820A"}]}], "datePublic": "2018-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication in Storage.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-19T09:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2018-04-01"}, {"name": "103671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103671"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "DATE_PUBLIC": "2018-04-02T00:00:00", "ID": "CVE-2016-10434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Snapdragon Automobile, Snapdragon Mobile", "version": {"version_data": [{"version_value": "SD 820, SD 820A"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication in Storage."}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/2018-04-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2018-04-01"}, {"name": "103671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103671"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:21:51.709Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/2018-04-01"}, {"name": "103671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103671"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2016-10434", "datePublished": "2018-04-18T14:00:00Z", "dateReserved": "2017-08-16T00:00:00", "dateUpdated": "2024-09-16T23:55:53.970Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag."}, {"lang": "es", "value": "En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Automobile y Snapdragon Mobile SD 820 y SD 820A, la entrada a una funci\u00f3n de respuesta de escritura RPMB es un b\u00fafer de HLOS que necesita ser autenticado (mediante HMAC) y luego procesado. Sin embargo, parte del procesamiento ocurre antes de que el b\u00fafer se autentique. La funci\u00f3n devolver\u00e1 varios tipos de error dependiendo de los valores de los campos \"response\" y \"result\" del b\u00fafer antes de verificar la etiqueta HMAC."}], "id": "CVE-2016-10434", "lastModified": "2018-05-01T17:17:27.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-18T14:29:11.167", "references": [{"source": "product-security@qualcomm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103671"}, {"source": "product-security@qualcomm.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2018-04-01"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}