CVE-2016-3901

HIGH

Qualcomm cryptographic engine driver - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3901. PoCs published by codecat007.

AI-analyzed exploit summary The repository contains a functional PoC exploit for CVE-2016-3901, a heap overflow vulnerability in the Qualcomm crypto driver (qce) on Android. The exploit triggers the vulnerability via crafted IOCTL requests with malformed buffer lengths, leading to potential privilege escalation.

Description

Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/kernel/cve-2016-3901

The repository contains a functional PoC exploit for CVE-2016-3901, a heap overflow vulnerability in the Qualcomm crypto driver (qce) on Android. The exploit triggers the vulnerability via crafted IOCTL requests with malformed buffer lengths, leading to potential privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android kernel (Qualcomm crypto driver, qce)
No auth needed
Prerequisites: Access to /dev/qce device node · Android device with vulnerable Qualcomm crypto driver
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93327

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 19.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (1)
google/android < 7.0
Published Oct 10, 2016
Tracked Since Feb 18, 2026