CVEs-PoC/2016/CVE-2016-10423.md

### [CVE-2016-10423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10423)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Automobile%2C%20Snapdragon%20Mobile&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control%20with%20SPI%20bus&color=brighgreen)

### Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when a Trusted Application has opened the SPI interface to a particular device, it is possible for another Trusted Application to read the data on this open interface due to non-exclusive access of the SPI bus.

### POC

#### Reference
- http://www.securityfocus.com/bid/103671

#### Github
No PoCs found on GitHub currently.