20 matches found
EUVD-2017-4764
Malware in sbrugna...
Exploit for Use After Free in Google Android
This is a proof-of-concept (PoC) application demonstrating the power of an Android kernel arbitrary R/W, specifically targeting CVE-2019-2215. The application, named Qu1ckR00t, is designed to exploit this vulnerability to achieve root access on an Android device. The exploit is implemented in the...
Google Pixel CVE-2019-2210 Privilege Escalation Vulnerability
Description Google Pixel is prone to a privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. This issue is being tracked by Android Bug ID A-139148442. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Google Pixel 2 XL...
Exploit for Use After Free in Google Android
CVE-2019-2215 Temproot for Pixel 2 and Pixel 2 XL via CVE-...
Android - Binder Driver Use-After-Free
Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c. ...
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
Description Google Android is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Recommendations Permit local access for trusted individuals only. Wher...
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL Exploit
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgsl_mem_entry_destroy() in drivers/gpu/msm/kgsl.c is called for a writable entry with memtype KGSL_MEM_ENTRY_USER, it attempts to mark the entry's pages as dirty...
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgsl_mem_entry_destroy() in drivers/gpu/msm/kgsl.c is called for a writable entry with memtype KGSL_MEM_ENTRY_USER, it attempts to mark the entry's pages as dirty...
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass We already reported four bugs in Android that are caused by the use of getpidcon(), which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable...
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass
We already reported four bugs in Android that are caused by the use of getpidcon(), which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable https://bugs.chromium.org/p/project-zero/issues/detail?id=851 AndroidID-29431260;...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass Exploit
The seccomp(2) manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older kernels, seccomp-based sandboxes must not allow use of ptrace(2)—even of other sandboxed...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
The seccomp(2) manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older kernels, seccomp-based sandboxes must not allow use of ptrace(2)—even of other sandboxed...
Android - sdcardfs Changes current->fs Without Proper Locking Exploit
Exploit for Android platform in category dos / poc Tested on a Pixel 2 walleye: ro.build.ab_update: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017 release-keys...
Android - sdcardfs Changes current->fs Without Proper Locking
Tested on a Pixel 2 walleye: ro.build.ab_update: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017 release-keys ro.build.display.id: OPM2.171026.006.G1...
Samsung Patches Six Critical Bugs in Flagship Handsets
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open...
CVE-2017-13247
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
Design/Logic Flaw
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
CVE-2017-13247
CVE-2017-13247 affects the Pixel 2 bootloader (Android). The issue is a missing permission check in the bootloader that bypasses the carrier bootloader lock, enabling local elevation of privileges with user-privilege requirements. Exploitation is described as local with no user interaction requir...
Google Android HTC Component Local Elevation of Privilege Vulnerability
Android on Google Pixel 2 is a Linux-based open source operating system for the Google Pixel 2 developed by Google and the Open Handset Alliance (OHA). Bootloader is one of the bootloader programs. The bootloader in Android on Google Pixel 2 devices suffers from a local elevation of privilege...