CVE-2016-3902

Published: Oct 10, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver in Android before 2016-10-05 on Nexus 5X and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29953313 and Qualcomm internal bug CR 1044072.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 7.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://source.android.com/security/bulletin/2016-10-01.html

Source: security@android.com

PatchVendor Advisory

http://www.securityfocus.com/bid/93309

Source: security@android.com

https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-10-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/93309

Source: af854a3a-2127-422b-91ae-364da2661108

https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.