CVE-2016-2067

HIGH

Android < 6.0.1 and Linux Kernel 3.0-3.19.8 - Privilege Escalation via MSM GPU Driver Flag Mishandling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-2067. PoCs published by hhj4ck.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2016-2067, targeting the Adreno GPU IOMMU DMA vulnerability on Nexus 6P (Android 6.0.1). The exploit overwrites vdso.so with shellcode via DMA writes, achieving root shell execution through the /init process.

Description

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.

Exploits (1)

nomisec WORKING POC 8 stars
by hhj4ck · poc
https://github.com/hhj4ck/CVE-2016-2067

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Qualcomm Adreno GPU (4xx series) on Android 6.0.1 (Nexus 6P)
No auth needed
Prerequisites: Physical or local access to vulnerable device · Adreno 4xx GPU · Android 6.0.1 with specific kernel version
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0007
EPSS Percentile: 20.4%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-269
Status: published
Products (2): google/android < 6.0.1 · linux/linux_kernel 3.0 - 3.19.8
Published: Jul 11, 2016
Tracked Since: Feb 18, 2026