CVE-2016-5862

HIGH

Qualcomm - Device Restart

Title source: llm

Description

When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2016-5862

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98194

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2017-05-01

[Issue Tracking, Patch, Third Party Advisory] https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04

Scores

CVSS v3 7.0

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (2)

google/android

Qualcomm, Inc./All Qualcomm products Android for MSM, Firefox OS for MSM, QRD Android

Published Aug 16, 2017

Tracked Since Feb 18, 2026