CVE-2016-8460

MEDIUM

Android Kernel 3.10 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8460. PoCs published by codecat007.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in the NVIDIA nvmap driver (CVE-2016-8460) by manipulating ioctl calls to leak kernel memory. It demonstrates the flaw by creating and pinning handles, then forcing an out-of-bounds read to expose kernel data.

Description

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2016-8460

This PoC exploits a memory corruption vulnerability in the NVIDIA nvmap driver (CVE-2016-8460) by manipulating ioctl calls to leak kernel memory. It demonstrates the flaw by creating and pinning handles, then forcing an out-of-bounds read to expose kernel data.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA nvmap driver (Android kernel)
No auth needed
Prerequisites: Access to /dev/nvmap · Kernel with vulnerable nvmap driver
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95249

Scores

CVSS v3 5.5
EPSS 0.0078
EPSS Percentile 51.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
Google Inc./Android Kernel-3.10
linux/linux_kernel 3.10
Published Jan 12, 2017
Tracked Since Feb 18, 2026