CVE-2025-21483: About Qualcomm – Enhanced Restriction of Operations within the Bounds of a Memory Buffer

(5th Sep 2025)

Official Published: 09/01/2025

Preface: The Real-time Transport Protocol (RTP) is an application-layer protocol, typically used over UDP, that facilitates the real-time transmission of media like audio and video over IP networks. While not a component of the modem’s RF (Radio Frequency) system itself, which handles the wireless signal, RTP works with 5G modem-RF systems by providing the actual media data for real-time applications like Voice over LTE (VoLTE) and 5G voice.

Background: “RTP NALU” refers to the encapsulation of Network Abstraction Layer Units (NALUs) in Real-time Transport Protocol (RTP) packets, which is commonly used in H.264 video streaming to transmit data in real time. A NALU is a data unit in H.264 video compression, and RTP encapsulates the NALUs so that they can be transmitted over the network and reconstructed at the receiver side.

Vulnerability details: Improper Restriction of Operations within the Bounds of a Memory Buffer in Data Network Stack & Connectivity.

Description: Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.

Technology Area: Data Network Stack & Connectivity.

Vulnerability Type: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer.

Why Is the 5G Modem-RF System Involved?

  • The modem firmware handles real-time media transport, including RTP for VoLTE and 5G voice.
  • RTP/NALU reassembly is part of the low-level packet processing pipeline in the modem.
  • Since this is firmware-level code, it uses manual memory management (C/C++).
  • The vulnerability allows attackers to send malformed RTP packets that overflow the buffer, leading to remote code execution at the kernel level.
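To show where the bounds check belongs in NALU reassembly, here is an added example (not Qualcomm's code and not derived from the affected firmware) of a reassembler for fragmented H.264 NALUs. It assumes FU-A fragmentation as defined in RFC 6184; the names `nalu_reasm`, `fu_a_input` and `NALU_MAX` are hypothetical, and the packets in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NALU_MAX  64   /* demo capacity (assumption); real stacks size this per stream */
#define FU_A_TYPE 28   /* RFC 6184 fragmentation unit, type FU-A */
enum { FU_ERR = -1, FU_MORE = 0, FU_DONE = 1 };

typedef struct {
    uint8_t buf[NALU_MAX];
    size_t  len;       /* invariant: len <= NALU_MAX */
    int     active;    /* set between a start fragment and its end fragment */
} nalu_reasm;

static int reasm_drop(nalu_reasm *r) { r->len = 0; r->active = 0; return FU_ERR; }

/* Feed one RTP payload (RTP header already removed) into the reassembler. */
int fu_a_input(nalu_reasm *r, const uint8_t *p, size_t n)
{
    /* Need FU indicator + FU header + at least one data byte. */
    if (n < 3 || (p[0] & 0x1F) != FU_A_TYPE)
        return reasm_drop(r);
    int start = (p[1] & 0x80) != 0, end = (p[1] & 0x40) != 0;
    size_t dlen = n - 2;
    if (start && end)                 /* RFC 6184: S and E are never both set */
        return reasm_drop(r);
    if (start) {
        /* Rebuild the NAL header: F/NRI from the indicator, type from the FU header. */
        r->buf[0] = (uint8_t)((p[0] & 0xE0) | (p[1] & 0x1F));
        r->len = 1;
        r->active = 1;
    } else if (!r->active) {
        return reasm_drop(r);         /* continuation with no start fragment */
    }
    /* Bound the copy by the space left; the subtraction form cannot wrap. */
    if (dlen > NALU_MAX - r->len)
        return reasm_drop(r);
    memcpy(r->buf + r->len, p + 2, dlen);
    r->len += dlen;
    if (end) { r->active = 0; return FU_DONE; }
    return FU_MORE;
}

int main(void)
{
    nalu_reasm r = {0};
    const uint8_t first[] = {0x7C, 0x85, 0xAA, 0xBB};  /* constructed: S=1, NAL type 5 */
    const uint8_t last[]  = {0x7C, 0x45, 0xCC};        /* constructed: E=1 */
    return !(fu_a_input(&r, first, sizeof first) == FU_MORE && fu_a_input(&r, last, sizeof last) == FU_DONE);
}
```

The check must be made on every fragment against the space remaining, not once against the size of a single packet, because each fragment on its own can be well within limits while the accumulated NALU is not.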

Official announcement: Please see the link for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2025-bulletin.html
