CVE-2016-0822

HIGH

Android 6.0.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0822. PoCs published by ScottyBauer.

AI-analyzed exploit summary: This PoC demonstrates a buffer overflow vulnerability in the MediaTek Connectivity Driver (CVE-2016-0822) by exploiting improper bounds checking in the WMT_IOCTL_SET_PATCH_INFO ioctl handler. It allocates kernel structures and overflows them with controlled data, potentially leading to kernel panic or privilege escalation.

Description

The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.

Exploits (1)

GitHub · working PoC · 682 stars · by ScottyBauer · cpoc
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/CVE-2016-0822-mtk.c


Classification
Working PoC: 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: MediaTek Connectivity Driver (Linux kernel module)
Authentication: none needed
Prerequisites: Access to /dev/mtk_stp_wmt device node · MediaTek-based Android device with vulnerable kernel
Analyzed by devstral-2 on Feb 27, 2026

References (2)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/84263

Scores

CVSS v3: 7.0
EPSS: 0.0046
EPSS Percentile: 36.5%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (1): google/android 6.0.1
Published: Mar 12, 2016
Tracked Since: Feb 18, 2026