High severity7.0NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2016-10283

Description

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Elevation of privilege in Qualcomm Wi-Fi driver on Android kernels 3.10 and 3.18 allows local app to execute arbitrary code in kernel after compromising a privileged process.

Vulnerability

An elevation of privilege vulnerability exists in the Qualcomm Wi-Fi driver on Android kernels 3.10 and 3.18. The flaw is triggered when a local malicious application, after first compromising a privileged process, interacts with the Wi-Fi driver's functionality. The specific code path is reachable when the attacker-controlled application invokes a driver ioctl or similar interface without proper validation. [1]

Exploitation

To exploit, an attacker must have a local malicious application installed. The attacker must first compromise a privileged process (e.g., system server) to gain the necessary permissions to interact with the Wi-Fi driver. Then, the application can send crafted inputs to the driver, leading to kernel memory corruption. The exact steps involve invoking a driver function that does not properly check bounds or permissions. [1]

Impact

Successful exploitation grants arbitrary code execution within the kernel context, resulting in a complete compromise of the Android device. The attacker gains elevated privileges (root-level access) and can perform any operation, including installing apps, accessing data, or modifying system settings. [1]

Mitigation

The vulnerability is patched in the Android Security Bulletin for May 2017. Users should update their devices to the latest security patch level. No workaround is available. Devices with kernels 3.10 or 3.18 are affected. [1]

References

Android Security Bulletin—May 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Linux/Kernel2 versions
cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*
Broadcom Corporation/Wi-Fi driverllm-fuzzy
Google/Androidv5
Range: Kernel-3.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2017-05-01nvdPatchVendor Advisory
www.securityfocus.com/bid/98160nvdThird Party AdvisoryVDB Entry
www.codeaurora.org/stack-overflow-wifi-driver-function-wlanhddchangestation-cve-2016-10283nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000