CVE-2016-10407

9.8 CRITICAL

📋 TL;DR

This vulnerability is an integer overflow leading to a buffer overflow in Qualcomm Snapdragon chipsets during video telephony (VT) calls, potentially allowing remote code execution. It affects Android devices with specific Qualcomm Snapdragon processors before the April 2018 security patch. Attackers could exploit this to gain control of affected devices.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon SD 210, SD 212, SD 205, SD 400, SD 410/12, SD 430, SD 450, SD 615/16/415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Qualcomm Snapdragon chipset. Vulnerability is in the chipset firmware/driver, not the Android OS itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with kernel privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Device crash/reboot (DoS) or limited code execution in user-space context.

🟢 If Mitigated: No impact if patched or if VT calling functionality is disabled.

🌐 Internet-Facing: HIGH - Can be triggered remotely via VT calls without user interaction.
🏢 Internal Only: HIGH - Internal network attacks could also exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering VT call functionality. No public exploit code available, but vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check device security patch level in Settings > About phone > Android security patch level.
2. If before April 2018, update to latest available Android version.
3. If no update available from manufacturer, consider replacing device.

🔧 Temporary Workarounds

Disable VT Calling (Android)

Disable video telephony functionality to remove the exploitation vector.

🧯 If You Can't Patch

  • Isolate affected devices on separate network segments with strict firewall rules
  • Implement network monitoring for unusual VT call traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone. If date is before April 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2018 or later. Test VT calling functionality to ensure it still works without crashes.
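
Added example (not part of the original advisory): a shell helper that classifies the value returned by the getprop command above against the April 5, 2018 patch level this page lists as the fix, and can run over every attached device. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Android security patch level string against
# the fix level this page gives for CVE-2016-10407 (April 5, 2018).
FIX_LEVEL="2018-04-05"

# patch_status LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN.
# Hypothetical helper name; not part of adb or Android.
patch_status() {
    # adb output can carry a trailing CR; strip CR and whitespace.
    level=$(printf '%s' "$1" | tr -d '\r \t\n')
    # Require strict YYYY-MM-DD so string order equals date order.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    # Zero-padded ISO dates sort lexicographically; take the earlier one.
    earliest=$(printf '%s\n%s\n' "$level" "$FIX_LEVEL" | LC_ALL=C sort | head -n 1)
    if [ "$earliest" = "$FIX_LEVEL" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# check_attached: report serial, patch level and status for every device
# that "adb devices" lists in the "device" state.
check_attached() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the list of serials on stdin.
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s\t%s\t%s\n' "$serial" "$(printf '%s' "$lvl" | tr -d '\r')" \
            "$(patch_status "$lvl")"
    done
}

if [ "${1:-}" = "--attached" ]; then
    check_attached
else
    # Constructed sample values, so the script runs without a device.
    for sample in 2018-04-05 2018-04-01 2017-12-01 2019-01-01 ""; do
        printf '%-12s %s\n' "${sample:-<empty>}" "$(patch_status "$sample")"
    done
fi
```

A device reporting 2018-04-01 is classified as VULNERABLE here, because that level is earlier than the April 5, 2018 level given under Official Fix.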

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • VT call failures/crashes
  • Unusual process creation from telephony services

Network Indicators:

  • Unusual VT call traffic patterns
  • Malformed video telephony packets

SIEM Query:

source="android_logs" AND ("kernel panic" OR "VT call" OR "qualcomm")
