CVE-2016-5346

MEDIUM

Google Android < 7.0 - Information Disclosure via AF_MSM_IPC Socket Accept System Call

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5346. PoCs published by codecat007.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2016-5346, a NULL pointer dereference vulnerability in the AF_MSM_IPC socket implementation in the Linux kernel. The PoC triggers the vulnerability by calling `accept` on a socket created with `AF_MSM_IPC` and `SOCK_DGRAM`, leading to a kernel crash.

Description

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280).

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/CVE-2016-5346

View Code ZIP pw:eip

The repository contains a functional PoC for CVE-2016-5346, a NULL pointer dereference vulnerability in the AF_MSM_IPC socket implementation in the Linux kernel. The PoC triggers the vulnerability by calling `accept` on a socket created with `AF_MSM_IPC` and `SOCK_DGRAM`, leading to a kernel crash.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel (Qualcomm MSM IPC Router)

No auth needed

Prerequisites: Access to a vulnerable Linux kernel with AF_MSM_IPC support

MITRE ATT&CK