CVE-2016-2431

HIGH

Android < 6.0.1 - Privilege Escalation via Qualcomm TrustZone Component

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-2431. PoCs published by laginimaineb.

Description

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

Exploits (2)

nomisec WORKING POC 362 stars
by laginimaineb · poc
https://github.com/laginimaineb/ExtractKeyMaster

This repository contains a functional exploit for CVE-2016-2431, targeting Qualcomm's KeyMaster to extract cryptographic keys. The exploit leverages memory corruption in the QSEECom API to bypass security measures and dump keys from the Widevine trusted application.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Complex
Reliability: Reliable
Target: Qualcomm Secure Execution Environment (QSEE) with KeyMaster/Widevine
No auth needed
Prerequisites: Root access on the target device · Qualcomm chipset with vulnerable QSEE implementation
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 67 stars
by laginimaineb · poc
https://github.com/laginimaineb/cve-2016-2431

This repository contains a functional exploit for CVE-2016-2431, a Qualcomm TrustZone kernel privilege escalation vulnerability. The exploit leverages memory corruption in the Widevine Trusted Application to achieve arbitrary code execution in the TrustZone kernel.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Qualcomm TrustZone kernel (affecting devices with Widevine Trusted Application)
No auth needed
Prerequisites: Physical or local access to a vulnerable Qualcomm-based device · Presence of the Widevine Trusted Application
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-05-01.html

Scores

CVSS v3 7.8
EPSS 0.0160
EPSS Percentile 72.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-264
Status published
Products (1)
google/android < 6.0.1
Published May 09, 2016
Tracked Since Feb 18, 2026