CVE-2016-10491

Q: What is the severity of CVE-2016-10491?

CVE-2016-10491 has a CVSS score of 9.8 (CRITICAL). This CVE describes an integer overflow vulnerability in Qualcomm Snapdragon QuRT API functions that can lead to buffer overflow. It affects Android devices with Qualcomm chipsets before the April 2018 security patch. Successful exploitation could allow attackers to execute arbitrary code with elevated privileges.

9.8 CRITICAL

Buffer Overflow

📋 TL;DR

This CVE describes an integer overflow vulnerability in Qualcomm Snapdragon QuRT API functions that can lead to buffer overflow. It affects Android devices with Qualcomm chipsets before the April 2018 security patch. Successful exploitation could allow attackers to execute arbitrary code with elevated privileges.

💻 Affected Systems

Products:

Android devices with Qualcomm Snapdragon chipsets

Versions: Android versions before April 2018 security patch (2018-04-05)

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Affects specific Qualcomm Snapdragon models including MDM9206, MDM9607, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20 and others listed in CVE.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel-level privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated system permissions and bypass security controls.

🟢

If Mitigated

Limited impact with proper patch management and security controls in place, potentially reduced to denial of service.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access to the device. The vulnerability is in Qualcomm's QuRT API, which may require specific knowledge of the chipset architecture.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check current Android security patch level in Settings > About phone > Android security patch level. 2. If patch level is before April 2018, update device through Settings > System > System update. 3. For enterprise devices, deploy updates through MDM solutions. 4. Verify patch installation by checking security patch level again.

🔧 Temporary Workarounds

No effective workarounds available

all

This is a firmware-level vulnerability requiring vendor patches. No configuration changes or software workarounds can mitigate the core vulnerability.

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data
Implement strict application whitelisting and monitor for unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before 2018-04-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows 2018-04-05 or later date after applying updates.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected process crashes in system services
Memory corruption errors in system logs

Network Indicators:

Unusual outbound connections from system processes
Suspicious network activity from privileged contexts

SIEM Query:

source="android_logs" AND ("kernel panic" OR "segmentation fault" OR "buffer overflow") AND process="system_server"

📊 Metadata

CVE ID: CVE-2016-10491

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: April 18, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory
http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm9206 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9625 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Sd 205 Firmware by Qualcomm

Sd 210 Firmware by Qualcomm

Sd 212 Firmware by Qualcomm

Sd 400 Firmware by Qualcomm

Sd 410 Firmware by Qualcomm

Sd 412 Firmware by Qualcomm

Sd 415 Firmware by Qualcomm

Sd 425 Firmware by Qualcomm

Sd 430 Firmware by Qualcomm

Sd 450 Firmware by Qualcomm

Sd 615 Firmware by Qualcomm

Sd 616 Firmware by Qualcomm

Sd 617 Firmware by Qualcomm

Sd 625 Firmware by Qualcomm

Sd 650 Firmware by Qualcomm

Sd 652 Firmware by Qualcomm

Sd 800 Firmware by Qualcomm

Sd 808 Firmware by Qualcomm

Sd 810 Firmware by Qualcomm

Sd 820 Firmware by Qualcomm

Sd 835 Firmware by Qualcomm

Sd 845 Firmware by Qualcomm

Sd 850 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm