Retme's Future Gadget Laboratory

The convergence of world lines cannot be resisted.

This page lists the vulnerabilities I've found in the Android kernel and TEE.
Well... this page does NOT list all the bugs I've found before. I'm not a fan of bug reporting these years. I'll always keep some exploitable bugs private.

CVE-2015-4421

The tzdriver module of the Huawei Mate 7 smartphone has an input check error, which allows a user-mode application to modify kernel-mode memory data and could crash the system or let the application elevate its privileges. (Vulnerability ID: HWPSIRT-2015-03011)

CVE-2015-4422

The TEEOS module of the Huawei Mate 7 smartphone, which implements fingerprint identification, has an input check error that enables an attacker with root permission to modify kernel-mode memory data of the TEEOS module. This could crash the system, tamper with TEEOS, or lead to malicious code execution. (Vulnerability ID: HWPSIRT-2015-03012)

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-432799.htm


CVE-2016-2468

OOB write in Qualcomm MSM GPU driver


CVE-2016-3762

Untrusted apps can no longer create AF_MSM_IPC or other undefined socket types.


CVE-2016-3842

Use-after-free vulnerability in Qualcomm MSM GPU driver.


CVE-2016-6776


CVE-2016-6787

Use-after-free vulnerability in the perf subsystem which affected all Android devices. A fully working rooting exploit has been worked out.


CVE-2016-8412


CVE-2016-8427


CVE-2016-8444


CVE-2017-0403

Use-after-free vulnerability in the perf subsystem which affected all Android devices. A fully working rooting exploit has been worked out.


CVE-2017-0427


CVE-2017-0334

CVE-2017-0456

CVE-2017-0457

CVE-2017-0525


CVE-2016-10287


CVE-2017-8265


CVE-2017-15316

CVE-2019-2298

CVE-2019-16508

https://www.cvedetails.com/cve/CVE-2019-16508/

  • Exploitable on Chrome OS. Part of our Chrome Pwnium exploit chain. SLIDES
