Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2016-10391

CRITICAL severity · CVSS 9.8 · Improper input validation
9.8CVSS CRITICAL

Summary

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Android

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information