High severity7.8NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2016-10274

Description

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local malicious application can exploit a vulnerability in the MediaTek touchscreen driver to execute arbitrary code in the kernel, leading to permanent device compromise.

Vulnerability

The MediaTek touchscreen driver in Android contains an elevation of privilege vulnerability (CVE-2016-10274). The bug resides in the driver's handling of IOCTL calls, allowing a local application to trigger a kernel memory corruption. Affected versions include Android devices using MediaTek chipsets; the specific Android version is not listed (N/A). The issue is referenced as Android ID A-30202412 and M-ALPS02897901. [1]

Exploitation

An attacker requires the ability to install and run a malicious application on the target device. No additional permissions are needed beyond normal app sandbox. The application sends crafted IOCTL commands to the touchscreen driver, exploiting the vulnerability to corrupt kernel memory and achieve arbitrary code execution. [1]

Impact

Successful exploitation grants the attacker arbitrary code execution within the kernel context. This can lead to a permanent compromise of the device, potentially requiring reflashing the operating system to repair. The attacker gains full control over the device, including the ability to install persistent malware. [1]

Mitigation

Google released a fix in the Android Security Bulletin for May 2017. The patch is included in the Android Open Source Project (AOSP) and should be applied via OTA updates from device manufacturers. Users should ensure their devices receive the May 2017 security update. No workaround is available. [1]

References

Android Security Bulletin—May 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android2 versions
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*range: <=7.1.2
- (no CPE)range: n/a
Synaptics/touchscreen driverllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2017-05-01nvdPatchVendor Advisory
www.securityfocus.com/bid/98145nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000