CVE-2016-10484

9.8 CRITICAL

📋 TL;DR

This vulnerability allows buffer overflow attacks in Qualcomm Snapdragon chipsets used in Android devices. An attacker can exploit improper buffer size calculations in RPMB listener registration to execute arbitrary code or cause denial of service. Affected devices include Android smartphones, wearables, and automotive systems with specific Qualcomm chipsets.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon chipsets: Automobile, Mobile, Wear platforms
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specific affected chipsets: IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Device crash/reboot (denial of service) or limited code execution in kernel context.

🟢 If Mitigated

No impact if patched; limited impact if device has exploit mitigations like ASLR and NX.

🌐 Internet-Facing: MEDIUM - Requires local access or malicious app installation, not directly exploitable over internet.
🏢 Internal Only: HIGH - Malicious apps or compromised apps could exploit this locally on devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check device security patch level in Settings > About phone > Android security patch level.
2. If before April 2018, update to latest Android version via Settings > System > System update.
3. For enterprise devices, push updates via MDM.
4. For embedded/IoT devices, contact manufacturer for firmware updates.

🔧 Temporary Workarounds

Disable unnecessary RPMB listeners

Reduce attack surface by disabling unused RPMB functionality if possible

🧯 If You Can't Patch

  • Isolate affected devices on network segments with strict access controls
  • Implement application allowlisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level: Settings > About phone > Android security patch level. If date is before April 5, 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

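Confirm the security patch level shows 2018-04-05 or later (the patch level given under Official Fix). To decide whether the device was exposed in the first place, check whether its Qualcomm chipset is in the affected list.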
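The check above, scripted for a fleet of attached devices. This is an added example, not part of the advisory or of any vendor tooling; the function names `patch_status` and `check_devices` and the `--devices` argument are assumptions made for illustration, and only the `getprop` command comes from this page. It classifies a reported patch level against the 2018-04-05 fix level, which matters because a device reporting 2018-04-01 is still before that level.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# fix level this advisory names (2018-04-05).

FIXED_LEVEL_NUM=20180405   # 2018-04-05, from "Patch Version" on this page

# patch_status LEVEL -> prints "patched", "vulnerable" or "unknown"
patch_status() {
    # getprop output read over adb often ends in CR/LF; strip whitespace
    ps_level=$(printf '%s' "$1" | tr -d '[:space:]')
    # Accept only the YYYY-MM-DD form used by this property; anything
    # else (empty value, vendor-specific string) is reported as unknown
    if ! printf '%s' "$ps_level" | grep -Eq \
        '^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$'; then
        echo "unknown"
        return 0
    fi
    # Drop the dashes so the date compares as a plain integer
    ps_num=$(printf '%s' "$ps_level" | sed 's/-//g')
    if [ "$ps_num" -lt "$FIXED_LEVEL_NUM" ]; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# check_devices: report serial, patch level and status for every device
# that adb lists in the "device" state
check_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r cd_serial; do
        # </dev/null keeps adb from consuming the serial list on stdin
        cd_level=$(adb -s "$cd_serial" shell getprop \
            ro.build.version.security_patch </dev/null)
        printf '%s\t%s\t%s\n' "$cd_serial" \
            "$(printf '%s' "$cd_level" | tr -d '[:space:]')" \
            "$(patch_status "$cd_level")"
    done
}

# Query attached devices only when explicitly requested
if [ "${1:-}" = "--devices" ]; then
    check_devices
fi
```

A result of "vulnerable" only means the patch level predates the fix; whether the device is actually affected still depends on its chipset being in the list above.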

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • RPMB-related error messages in system logs
  • Unexpected process crashes

Network Indicators:

  • Unusual device behavior patterns
  • Anomalous outbound connections from affected devices

SIEM Query:

Device logs showing kernel panics OR security patch level before 2018-04-05 AND Qualcomm chipset in affected list
