CVE-2016-0844

HIGH

Qualcomm RF driver <2016-04-01 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0844. PoCs published by codecat007.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2016-0844, a local privilege escalation vulnerability in the Android kernel's rmnet driver. The exploit leverages improper handling of RMNET_IOCTL_ADD_MUX_CHANNEL ioctl calls to trigger a use-after-free condition.

Description

The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/kernel/CVE-2016-0844

The repository contains a functional PoC for CVE-2016-0844, a local privilege escalation vulnerability in the Android kernel's rmnet driver. The exploit leverages improper handling of RMNET_IOCTL_ADD_MUX_CHANNEL ioctl calls to trigger a use-after-free condition.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android kernel (rmnet driver)
No auth needed
Prerequisites: Android device with vulnerable rmnet driver · local access to the device
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.4
EPSS 0.0002
EPSS Percentile 3.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (2)
google/android 6.0
google/android 6.0.1
Published Apr 18, 2016
Tracked Since Feb 18, 2026