CVE-2017-8259

HIGH

Qualcomm Android - Buffer Overflow in Service Locator

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8259. PoCs published by ScottyBauer.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2017-8259, targeting a vulnerability in the Android kernel's IPA QMI service. The code includes structures and functions to interact with the QMI interface, likely exploiting a memory corruption or validation issue in the service.

Description

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.

Exploits (1)

github WORKING POC 682 stars
by ScottyBauer · cpoc
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/CVE-2017-8259

The repository contains functional exploit code for CVE-2017-8259, targeting a vulnerability in the Android kernel's IPA QMI service. The code includes structures and functions to interact with the QMI interface, likely exploiting a memory corruption or validation issue in the service.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android Kernel (IPA QMI Service)
No auth needed
Prerequisites: Access to the target device's kernel · Compiled exploit binary
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99465

Scores

CVSS v3 7.8
EPSS 0.0046
EPSS Percentile 36.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (2)
google/android
Qualcomm, Inc./All Qualcomm products All Android releases from CAF using the Linux kernel
Published Aug 11, 2017
Tracked Since Feb 18, 2026