CVE-2016-2384

MEDIUM

Linux Kernel < 4.4.8 - Use-After-Free in USB MIDI Descriptor Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-2384. PoCs published by Andrey Konovalov, codecat007.

AI-analyzed exploit summary: This exploit targets CVE-2016-2384, a vulnerability in the Linux kernel's USB-MIDI driver. It achieves arbitrary code execution with ring 0 privileges by leveraging a malicious USB device and a local binary, bypassing SMEP but not SMAP.

Description

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

Exploits (2)

exploitdb WORKING POC
by Andrey Konovalov · text · local · linux
https://www.exploit-db.com/exploits/41999

This exploit targets CVE-2016-2384, a vulnerability in the Linux kernel's USB-MIDI driver. It achieves arbitrary code execution with ring 0 privileges by leveraging a malicious USB device and a local binary, bypassing SMEP but not SMAP.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (versions starting from v3.0)
No auth needed
Prerequisites: Physical access to plug in a malicious USB device · Local access to execute a binary as a non-privileged user
devstral-2 · analyzed Feb 16, 2026

github WORKING POC 8 stars
by codecat007 · c · poc
https://github.com/codecat007/cvehub/tree/main/android/kernel/EXP-CVE-2016-2384

This repository contains a functional proof-of-concept exploit for CVE-2016-2384, a vulnerability in the USB-MIDI Linux kernel driver. The exploit leverages a hardware USB emulator (e.g., Facedancer21) to trigger memory corruption and achieve local privilege escalation via ROP chain.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (USB-MIDI driver)
No auth needed
Prerequisites: Physical access to the machine · Hardware USB emulator (e.g., Facedancer21) · Kernel symbols and ROP gadgets addresses
devstral-2 · analyzed Feb 27, 2026

References (38)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/14/2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3503
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2584.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2574.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0817.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2928-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2931-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2928-2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/83256
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035072
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-3
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1308444
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2932-1

Scores

CVSS v3 4.6
EPSS 0.0898
EPSS Percentile 92.8%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (2)
linux/linux_kernel < 4.4.8
novell/suse_linux_enterprise_real_time_extension 12 sp1
Published Apr 27, 2016
Tracked Since Feb 18, 2026