Thanks, I was hoping to figure out when it was distributed. But your comment encouraged me to search for the CVE, and it looks like it was fixed in the Android 04-05 security patch:
For vendor patches, you really can't trust that value in any way... I'm afraid there is no real way to check, except for trying the attack.
Qualcomm patches are not distributed as part of AOSP security patches, and is not tested for Google certification, so there is really no reason for it to be accurate, except possibly for Pixels.
I remember reading that phone manufacturers sometimes update the patch version but don't pull all the patches presumably because it's too much effort to integrate into their forked codebases.
Qualcomm patches are not distributed as part of AOSP security patches, and is not tested for Google certification, so there is really no reason for it to be accurate, except possibly for Pixels.