CVE-2016-10484
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Qualcomm RPMB listener due to integer underflow in transfer size calculation on multiple Snapdragon SoCs.
Vulnerability
A buffer overflow vulnerability exists in the RPMB (Replay Protected Memory Block) listener implementation on Qualcomm Snapdragon platforms. When a listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations can underflow, leading to a heap-based buffer overflow. Affected chipsets include IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20. The issue is patched in the Android security patch level of 2018-04-05 or earlier [1].
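The underflow pattern described above, shown beside a bounds-checked form. This is an added example, not Qualcomm's code: the header size, function names and buffer sizes are hypothetical, since the page gives no implementation details.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: bytes of the listener buffer reserved for a
 * request/response header. The real value is not given on the page. */
#define HYP_HDR_SIZE 64u

/* Vulnerable pattern: unsigned subtraction with no lower bound.
 * When the registered buffer is smaller than the header, the result wraps
 * to a value close to UINT32_MAX instead of going negative. */
static uint32_t max_xfer_unchecked(uint32_t listener_buf_size)
{
    return listener_buf_size - HYP_HDR_SIZE;
}

/* Hardened form: refuse buffers that cannot hold the header plus at least
 * one payload byte, so the subtraction can never wrap. */
static bool max_xfer_checked(uint32_t listener_buf_size, uint32_t *out)
{
    if (listener_buf_size <= HYP_HDR_SIZE)
        return false;
    *out = listener_buf_size - HYP_HDR_SIZE;
    return true;
}

/* Per-request length check built on the unchecked limit. */
static bool xfer_allowed_unchecked(uint32_t listener_buf_size, uint32_t req_len)
{
    return req_len <= max_xfer_unchecked(listener_buf_size);
}

/* Per-request length check built on the validated limit. */
static bool xfer_allowed(uint32_t listener_buf_size, uint32_t req_len)
{
    uint32_t max;
    return max_xfer_checked(listener_buf_size, &max) && req_len <= max;
}

int main(void)
{
    /* Constructed inputs: a 16-byte listener buffer and a 4096-byte request. */
    printf("unchecked limit for 16-byte buffer: %u\n", (unsigned)max_xfer_unchecked(16));
    printf("unchecked accepts 4096 bytes: %d\n", xfer_allowed_unchecked(16, 4096));
    printf("checked accepts 4096 bytes:   %d\n", xfer_allowed(16, 4096));
    return 0;
}
```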
Exploitation
An attacker must have the ability to register an RPMB listener with a specifically chosen small buffer size. This likely requires local access or the ability to invoke a driver interface from a privileged context. No user interaction or network access is needed beyond local system access. The underflow in the size calculation occurs during subsequent read or write operations, causing the overflow.
Impact
Successful exploitation results in a buffer overflow, which can corrupt adjacent memory. This may lead to arbitrary code execution with elevated privileges or the disclosure of sensitive data stored in RPMB (e.g., device-specific keys). The impact is confined to the local system; remote exploitation is not feasible.
Mitigation
Google released the fix in the Android Security Bulletin dated April 2018, and Qualcomm provided the patch to OEMs. Devices with a security patch level of 2018-04-05 or later are protected. Users should ensure their devices receive OTA updates. No workaround is available for unpatched devices [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: before 2018-04-05 or earlier security patch level
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear (v5). Range: IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SDX20
References
- www.securityfocus.com/bid/103671 (mitre; vdb-entry; x_refsource_BID)
- source.android.com/security/bulletin/2018-04-01 (mitre; x_refsource_CONFIRM)