CVE-2017-0518

HIGH

Android Kernel 3.18 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0518. PoCs published by ScottyBauer.

AI-analyzed exploit summary: This PoC demonstrates a race condition in the Android kernel (CVE-2017-0518) by exploiting the QBT1000 driver via ioctl calls to achieve arbitrary kernel writes and heap pointer leaks. The code sets up an IPC server and manipulates QMI headers to trigger the vulnerability.

Description

An elevation of privilege vulnerability in the Qualcomm fingerprint sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32370896. References: QC-CR#1086530.

Exploits (1)

github WORKING POC 682 stars
by ScottyBauer · cpoc
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/CVE-2017-0518_0519.c

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Android Kernel (QBT1000 driver)
No auth needed
Prerequisites: Access to /dev/qbt1000 device node · Android device with vulnerable kernel
devstral-2 · analyzed Feb 27, 2026

References (4)

Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-03-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037968
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96950

Scores

CVSS v3 7.0
EPSS 0.0175
EPSS Percentile 74.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
Google Inc./Android Kernel-3.18
linux/linux_kernel 3.18
Published Mar 08, 2017
Tracked Since Feb 18, 2026