CVE-2016-10436

9.8 CRITICAL

📋 TL;DR

Improper input validation of fuse read requests on Qualcomm chipsets used in Android devices leads to memory corruption. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected devices include those using Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear chipsets that have not received the April 2018 security patches.

💻 Affected Systems

Products:
  • Android devices with Qualcomm chipsets
  • Qualcomm Small Cell SoC
  • Snapdragon Mobile
  • Snapdragon Wear
Versions: Android versions before 2018-04-05 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specific affected chipsets include FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on compromised devices.

🟢 If Mitigated

Denial of service or application crashes if memory corruption cannot be leveraged for code execution.

🌐 Internet-Facing: MEDIUM - Requires local access or malware installation first, but could be chained with other exploits.
🏢 Internal Only: HIGH - Once an attacker gains initial access, this vulnerability enables privilege escalation to kernel level.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to trigger the fuse read request vulnerability. Memory corruption vulnerabilities in kernel space are often weaponized for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check current Android security patch level in Settings > About phone > Android security patch level.
2. If before April 2018, apply the latest available system update from device manufacturer.
3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable unnecessary fuse mounts

linux

Reduce attack surface by disabling unused fuse filesystem mounts

mount | grep fuse
umount /path/to/fuse/mount

🧯 If You Can't Patch

  • Implement strict application sandboxing to limit impact of privilege escalation
  • Use mobile device management (MDM) to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before 2018-04-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 2018-04-05 or later after applying updates.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Fuse filesystem error messages
  • Memory corruption warnings in dmesg

Network Indicators:

  • Unusual process spawning from kernel context
  • Suspicious privilege escalation attempts

SIEM Query:

source="android_kernel" AND ("fuse" OR "memory corruption" OR "kernel panic")
