CVE-2016-10277

HIGH

Linux Kernel - Elevation of Privilege via Motorola Bootloader

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2016-10277. PoCs published by Roee Hay, alephsecurity, leosol.

AI-analyzed exploit summary This exploit leverages a kernel command-line injection vulnerability in Motorola's ABOOT to inject a malicious initramfs payload, bypassing Secure Boot and device locking to achieve unconfined root access. The exploit requires physical USB access and must be re-executed after each reboot.

Description

An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.

Exploits (3)

exploitdb WORKING POC
by Roee Hay · textlocalandroid
https://www.exploit-db.com/exploits/42601

This exploit leverages a kernel command-line injection vulnerability in Motorola's ABOOT to inject a malicious initramfs payload, bypassing Secure Boot and device locking to achieve unconfined root access. The exploit requires physical USB access and must be re-executed after each reboot.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Motorola Android Bootloader (ABOOT) on vulnerable devices (e.g., Moto G5)
No auth needed
Prerequisites: Physical USB access to the device · Fastboot mode enabled · Vulnerable Motorola ABOOT version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 81 stars
by alephsecurity · poc
https://github.com/alephsecurity/initroot

This repository contains a functional exploit for CVE-2016-10277, demonstrating a bootloader kernel command-line injection vulnerability in Motorola devices. It includes scripts and initramfs archives to achieve both tethered and untethered root access by bypassing secure boot and device locking mechanisms.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Motorola Bootloader (Multiple Devices)
No auth needed
Prerequisites: Physical access to the device · Fastboot/ADB tools · Unlocked bootloader or exploit conditions
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 5 stars
by leosol · poc
https://github.com/leosol/initroot

This repository contains functional exploit scripts for CVE-2016-10277, targeting Motorola devices by flashing modified ramdisks to achieve root access. The scripts leverage the vulnerability to bypass security restrictions and gain privileged execution.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Motorola devices (XT-1033, XT-1040, etc.) with vulnerable bootloader configurations
No auth needed
Prerequisites: Physical access to the device · Unlocked bootloader or fastboot access · Compatible Motorola device model
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-05-01
Technical Description, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98149
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42601/

Scores

CVSS v3 7.8
EPSS 0.0946
EPSS Percentile 94.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (4)
Google Inc./Android Kernel-3.10
Google Inc./Android Kernel-3.18
linux/linux_kernel 3.10
linux/linux_kernel 3.18
Published May 12, 2017
Tracked Since Feb 18, 2026