CVE-2016-10410

Q: What is the severity of CVE-2016-10410?

CVE-2016-10410 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in RTP during VoLTE calls on Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code or cause denial of service. This affects Android devices with Qualcomm chipsets before the April 2018 security patch. The vulnerability is remotely exploitable via specially crafted RTP packets during VoLTE calls.

9.8 CRITICAL

Denial of Service Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in RTP during VoLTE calls on Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code or cause denial of service. This affects Android devices with Qualcomm chipsets before the April 2018 security patch. The vulnerability is remotely exploitable via specially crafted RTP packets during VoLTE calls.

💻 Affected Systems

Products:

Android devices with Qualcomm Snapdragon chipsets

Versions: Android versions before April 5, 2018 security patch level

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires VoLTE capability and affected Qualcomm chipset. Devices must be configured for VoLTE calls.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, and persistent malware installation.

🟠

Likely Case

Remote denial of service causing device crashes or instability during VoLTE calls, potentially disrupting communications.

🟢

If Mitigated

Limited impact if patched; unpatched devices remain vulnerable to remote attacks during VoLTE calls.

🌐 Internet-Facing: HIGH - Exploitable remotely via RTP packets during VoLTE calls without user interaction.

🏢 Internal Only: HIGH - Even internal network devices are vulnerable if they receive malicious RTP packets during VoLTE calls.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malicious RTP packets during VoLTE calls. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check device security patch level in Settings > About phone > Android security patch level. 2. If before April 2018, install latest Android security updates. 3. For carrier-locked devices, contact carrier for update availability. 4. Reboot device after update installation.

🔧 Temporary Workarounds

Disable VoLTE

android

Prevent exploitation by disabling VoLTE functionality

Settings > Mobile networks > Enhanced 4G LTE Mode (toggle off)

Network filtering

linux

Block suspicious RTP traffic at network perimeter

iptables -A INPUT -p udp --dport 16384:32767 -j DROP (adjust ports as needed)

🧯 If You Can't Patch

Isolate vulnerable devices on separate network segments
Implement strict network monitoring for abnormal RTP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level: Settings > About phone > Android security patch level. If date is before April 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2018 or later. Test VoLTE calls for stability.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
VoLTE call failures
RTP packet size anomalies

Network Indicators:

Abnormal RTP packet sizes during VoLTE calls
Unexpected RTP traffic patterns

SIEM Query:

source="android_logs" AND ("kernel panic" OR "VoLTE failure" OR "RTP overflow")

📊 Metadata

CVE ID: CVE-2016-10410

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: April 18, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory
http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm9206 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9615 Firmware by Qualcomm

Mdm9625 Firmware by Qualcomm

Mdm9635m Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Sd 205 Firmware by Qualcomm

Sd 210 Firmware by Qualcomm

Sd 212 Firmware by Qualcomm

Sd 400 Firmware by Qualcomm

Sd 410 Firmware by Qualcomm

Sd 412 Firmware by Qualcomm

Sd 415 Firmware by Qualcomm

Sd 425 Firmware by Qualcomm

Sd 430 Firmware by Qualcomm

Sd 450 Firmware by Qualcomm

Sd 615 Firmware by Qualcomm

Sd 616 Firmware by Qualcomm

Sd 617 Firmware by Qualcomm

Sd 625 Firmware by Qualcomm

Sd 650 Firmware by Qualcomm

Sd 652 Firmware by Qualcomm

Sd 800 Firmware by Qualcomm

Sd 808 Firmware by Qualcomm

Sd 810 Firmware by Qualcomm

Sd 820 Firmware by Qualcomm

Sd 835 Firmware by Qualcomm

Sd 845 Firmware by Qualcomm

Sd 850 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm