CVE-2016-3797

HIGH

Qualcomm Wi-Fi Driver - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3797. PoCs published by ScottyBauer.

AI-analyzed exploit summary This PoC exploits CVE-2016-3797, a buffer overflow in the Qualcomm Wi-Fi driver (qcacld-2.0) by sending a maliciously crafted IOCTL request with an oversized buffer. The exploit targets the SIOCDEVPRIVATE+1 ioctl handler, which fails to validate input length, leading to memory corruption.

Description

The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.

Exploits (1)

github WORKING POC 682 stars

by ScottyBauer · cpoc

https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/CVE-2016-3797.c

View Code ZIP pw:eip

This PoC exploits CVE-2016-3797, a buffer overflow in the Qualcomm Wi-Fi driver (qcacld-2.0) by sending a maliciously crafted IOCTL request with an oversized buffer. The exploit targets the SIOCDEVPRIVATE+1 ioctl handler, which fails to validate input length, leading to memory corruption.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Qualcomm Wi-Fi driver (qcacld-2.0) in Android kernel (msm)

No auth needed

Prerequisites: root access to execute the binary · presence of vulnerable Wi-Fi driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://source.android.com/security/bulletin/2016-07-01.html

Scores

CVSS v3 7.8

EPSS 0.0050

EPSS Percentile 38.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

google/android < 6.0.1

Published Jul 11, 2016

Tracked Since Feb 18, 2026