CVE-2017-13183

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with...

Race condition

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with...

CVE-2017-13183

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with...

Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=932 The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses portindex without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure. The vulnerable...

Android Mitigation Bypass Vulnerability

Because of a design bug in IOMX, the user-supplied sizes in the GETPARAMETER and SETPARAMETER calls ar e discarded before calling in to the responsible OMX code-paths. This has led to a variety of overflow-type bugs. Android: mitigation bypass - the guard page creation in IOMX can fail...

CVE-2016-2417

media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified...

Android - IOMX getConfig/getParameter Information Disclosure

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information Disclosure...

Google Android - IOMX 'getConfig'/'getParameter' Information Disclosure

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information Disclosure Summary: The GETCONFIG and GETPARAMETER calls on IOMX ar...

Google Android - IOMX getConfiggetParameter Information Disclosure

Google Android - IOMX getConfiggetParameter Information Disclosure Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=711 Android: Information Disclosure in IOMX getConfig/getParameter Platform: Verified on google/razor/flo:6.0.1/MMB29O/2459718:user/release-keys Class: Information...