High severity7.8NVD Advisory· Published Aug 30, 2016· Updated May 6, 2026

CVE-2016-5342

Description

A heap-based buffer overflow in the wcnss_wlan driver (Linux kernel 3.x) allows attackers to cause denial of service or possibly execute arbitrary code by writing unexpected data to /dev/wcnss_wlan.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap-based buffer overflow in the wcnss_wlan driver (Linux kernel 3.x) allows attackers to cause denial of service or possibly execute arbitrary code by writing unexpected data to /dev/wcnss_wlan.

Vulnerability

A heap-based buffer overflow exists in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c of the Linux kernel 3.x, as used in Qualcomm MSM devices and other products. The vulnerability allows an attacker to cause a denial of service or possibly have unspecified other impact by writing an unexpected amount of data to the /dev/wcnss_wlan device file [1].

Exploitation

An attacker requires write access to the /dev/wcnss_wlan device node. No authentication is needed beyond local access to the device. The attacker triggers the overflow by writing a crafted payload with an unusual size to the device file, leading to a heap-based buffer overflow [1].

Impact

Successful exploitation can result in a denial of service (system crash) or potentially arbitrary code execution. The impact may include kernel-level compromise, though the exact extent is unspecified [1].

Mitigation

Google addressed this vulnerability in the Android Security Bulletin for October 2016. Users should apply the latest security updates from their device manufacturer or update to a patched kernel version. No workaround is provided [1].

References

Android Security Bulletin—October 2016

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Range: <=7.0
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.0,<=3.19.8
Ubuntu/Linux Kernelllm-fuzzy
Range: 3.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2016-10-01.htmlnvdPatchThird Party Advisory
source.codeaurora.org/quic/la/kernel/msm-3.18/commit/nvdMailing ListPatchThird Party Advisory
www.securityfocus.com/bid/92693nvdThird Party AdvisoryVDB Entry
www.codeaurora.org/buffer-overflow-vulnerability-wcnsswlanwrite-cve-2016-5342nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000