Critical severity9.8NVD Advisory· Published Aug 30, 2016· Updated May 6, 2026

CVE-2016-5344

Description

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.

Affected products

Google/Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Range: <=7.0
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.0,<=3.19.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2016-10-01.htmlnvdPatchThird Party Advisory
source.codeaurora.org/quic/la/kernel/msm-3.18/commit/nvdMailing ListPatchThird Party Advisory
www.securityfocus.com/bid/92695nvdThird Party AdvisoryVDB Entry
www.codeaurora.org/integer-overflow-mdss-driver-cve-2016-5344nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000