Skip to content

This project contains pocs and exploits for vulneribilities I found (mostly)

Notifications You must be signed in to change notification settings

jiayy/android_vuln_poc-exp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Exploits

CVE Number Feature Device
CVE-2023-26083 mali driver android
CVE-2023-20963 WorkSource parcel/unparcel android
CVE-2023-27703 pikpak apk android
CVE-2023-33768 Incorrect signature verification of the firmware Belkin Wemo Smart Plug WSP080
CVE-2023-35671 Android App Pin security issue exposes payment cards in Google Wallet to unauthorized payments android
CVE-2023-45777 bad Parcel android
CVE-2023-50226 Parallels Desktop macos
CVE-2024-21626 docker runc escape vuln docker
CVE-2024-0684 A vulnerability in the GNU coreutils "split" program ubuntu
CVE-2015-5165             qemu ubuntu
CVE-2015-7504             qemu ubuntu
CVE-2016-3935             msm crypto driver nexus 6p
CVE-2016-0844 msm ipa driver nexus 6p
CVE-2016-6038 msm crypto driver nexus 6p
CVE-2016-2411 Qualcomm Power Management driver nexus 5x
CVE-2016-2434 NVIDIA video driver nexus 9
CVE-2016-2435 NVIDIA video driver nexus 9
CVE-2016-3857 linux kernel nexus 7
CVE-2016-2384 double-free in USB MIDI driver linux pc
CVE-2016-9793 signedness issue with SO_SNDBUFFORCE and SO_RCVBUFFORCE socket options linux pc
CVE-2017-6074 double-free in DCCP protocol linux pc
CVE-2017-7308 signedness issue in AF_PACKET sockets linux pc
CVE-2017-1000112 memory corruption due to UFO to non-UFO path switch linux pc
CVE-2018-17182 cache invalidation bug in linux linux pc
CVE-2018-18281 uaf caused by TLB late flush pixel2
CVE-2019-13272 PTRACE_TRACEME local root on x86-64 ubuntu
CVE-2019-13272 PTRACE_TRACEME local root on aarch64 ubuntu

Vulnerabilities Discovered By Me (mostly)

Google

CVE Number Feature Keywords Bulletin
CVE-2016-0805       perf_event_open Buffer Overflow, OOB Android bulletin 2016-02
CVE-2016-0844 msm ipa driver Array Overflow, OOB Android bulletin 2016-04
CVE-2016-3869 bcmdhd driver Array Overflow, OOB Android bulletin 2016-09
CVE-2016-3865 touchscreen driver Stack Overflow, OOB Android bulletin 2016-09
CVE-2016-3866 msm sound driver Buffer Overflow, OOB Android bulletin 2016-09
CVE-2016-3867 msm ipa driver Race Heap Overflow Android bulletin 2016-09
CVE-2016-3935 msm crypto driver Integer Overflow Android bulletin 2016-10
CVE-2016-5195
CVE-2016-6690 msm sound driver Arbitrary Address Write Android bulletin 2016-10
CVE-2016-3901 msm crypto driver Heap Overflow Android bulletin 2016-10
CVE-2016-3940 touchscreen driver Stack Overflow, OOB Android bulletin 2016-10
CVE-2016-6672 touchscreen driver Stack Overflow, OOB Android bulletin 2016-10
CVE-2016-6738 msm crypto driver Arbitrary Address Write Android bulletin 2016-11
CVE-2016-3906 msm core driver Info Leak Android bulletin 2016-11
CVE-2016-6725 qcom crypto driver Integer Overflow Android bulletin 2016-11
CVE-2016-6740 msm camera driver Stack Overflow Android bulletin 2016-11
CVE-2016-6741 msm camera driver Stack Overflow Android bulletin 2016-11
CVE-2016-6742 touchscreen driver Heap Overflow Android bulletin 2016-11
CVE-2016-6744 touchscreen driver Stack Overflow Android bulletin 2016-11
CVE-2016-6745 touchscreen driver Race Heap Overflow Android bulletin 2016-11
CVE-2016-8464 bcmdhd driver Heap Overflow, OOB Android bulletin 2017-01
CVE-2017-0434 Synaptics touchscreen driver Race Condition UAF Android bulletin 2017-02
CVE-2017-0446 htc touchscreen driver Race Condition UAF Android bulletin 2017-02
CVE-2017-0447 htc touchscreen driver Race Condition UAF Android bulletin 2017-02
CVE-2017-0432 mtk driver Array Overflow, OOB Android bulletin 2017-02
CVE-2017-0524 htc touchscreen driver Race Condition UAF Android bulletin 2017-03
CVE-2017-0536 Synaptics touchscreen driver Info Leak Android bulletin 2017-03
CVE-2017-0329 tegra driver Buffer Overflow, OOB Android bulletin 2017-04
CVE-2017-6426 Qualcomm SPMI driver Info Leak Android bulletin 2017-04
CVE-2017-0332 tegra crypto driver Buffer Overflow, OOB Android bulletin 2017-04
CVE-2016-10285 msm mdss driver Info Leak Android bulletin 2017-05
CVE-2016-10288 qcom led driver UAF Android bulletin 2017-05
CVE-2016-10290 qcom sharedmem driver Race Condition UAF Android bulletin 2017-05
CVE-2017-0624 qcom wlan driver Race Condition UAF Android bulletin 2017-05
CVE-2016-10294 qcom power management driver Race Condition infoleak Android bulletin 2017-05
CVE-2016-10295 qcom led driver Race Condition infoleak Android bulletin 2017-05
CVE-2016-10296 qcom sharedmem driver Race Condition infoleak Android bulletin 2017-05
CVE-2017-8243 qcom soc driver Buffer Overflow, OOB Android bulletin 2017-07
CVE-2017-8266 msm video driver Race Condition UAF Android bulletin 2017-07
CVE-2017-8270 msm wlan driver Race Condition UAF Android bulletin 2017-07
CVE-2017-0744 tegra sound driver Buffer Overflow, OOB Android bulletin 2017-08
CVE-2017-9691 MobiCore driver Race Condition Info Leak Android bulletin 2017-08
CVE-2017-10997 msm pci driver Buffer Overflow, OOB Android bulletin 2017-09
CVE-2017-8244 msm vidc debugfs driver Buffer Overflow, OOB Android bulletin 2017-12
CVE-2017-18153 N OOB Android bulletin 2018-05
CVE-2018-11302 N OOB Android bulletin 2019-09
cve-2018-5855 N OOB Android bulletin 2019-04
cve-2018-11905 N OOB Android bulletin 2019-04
CVE-2018-11825 N OOB Android release acknowledgements
CVE-2018-13890 N OOB Android release acknowledgements
CVE-2019-2299 N OOB Android release acknowledgements
CVE-2019-2302 N OOB Android release acknowledgements
CVE-2019-2312 N OOB Android release acknowledgements
CVE-2019-2314 N OOB Android release acknowledgements
CVE-2019-9248 N OOB Android release acknowledgements
CVE-2019-9386 N OOB Android release acknowledgements
CVE-2019-9448 N OOB Android release acknowledgements
CVE-2019-9449 N OOB Android release acknowledgements
CVE-2019-9450 N OOB Android release acknowledgements
CVE-2019-9451 N OOB Android release acknowledgements
CVE-2019-9452 N OOB Android release acknowledgements
CVE-2019-10506 N OOB Android release acknowledgements
CVE-2017-14888 N OOB Android release acknowledgements
CVE-2018-11302 N OOB Android release acknowledgements
CVE-2019-10542 N OOB Android release acknowledgements
cve-2019-2206 N OOB Android bulletin 2019-11
cve-2019-2297 N OOB Android bulletin 2019-10
cve-2019-10566 N OOB Android bulletin 2019-10
CVE-2019-10584 N OOB Android bulletin 2020-03
CVE-2020-0055 N OOB Android bulletin 2020-03
CVE-2020-0056 N OOB Android bulletin 2020-03
CVE-2020-0057 N OOB Android bulletin 2020-03
CVE-2020-0058 N OOB Android bulletin 2020-03
CVE-2020-0059 N OOB Android bulletin 2020-03
CVE-2020-0005 N OOB Android bulletin 2020-02

Qualcomm

CVE Number Feature Keywords Bulletin
cve-2019-10584       video overread 201912 Qual Bulletin
cve-2019-10563 wlan host Buffer Overflow 201910 Qual Bulletin
cve-2019-2302 wlan host Buffer Overflow 201910 Qual Bulletin
cve-2019-10542 wlan host Buffer Overflow 201909 Qual Bulletin
cve-2019-2312 wlan host Buffer Overflow 201907 Qual Bulletin
cve-2019-2314 display uaf 201907 Qual Bulletin
cve-2018-5883 wlan host Buffer Overflow 201905 Qual Bulletin
cve-2018-5911 wlan host Buffer Overflow 201905 Qual Bulletin
cve-2018-11905 dsp Buffer Overflow 201904 Qual Bulletin
cve-2018-11293 N Overflow 201809 Qual Bulletin
cve-2018-11297 wlan host Buffer Overflow 201809 Qual Bulletin
cve-2018-11302 wlan host Buffer Overflow 201809 Qual Bulletin
cve-2018-11886 wlan host Buffer Overflow 201809 Qual Bulletin
CVE-2018-3577 wlan host Integer Overflow toBuffer Overflow 201807 Qual Bulletin
CVE-2018-5830 wlan host Improper Restriction of Operations within the Bounds of a Memory Buffer 201807 Qual Bulletin
CVE-2018-5864 wlan host Improper Restriction of Operations within the Bounds of a Memory Buffer 201807 Qual Bulletin
CVE-2018-5855 wlan host buffer over-read 201807 Qual Bulletin
CVE-2017-14883 wlan host Integer Over flow 201805 Qual Bulletin
CVE-2017-14884 wlan host  Buffer Copy without Checking Size of Input in WLAN 201805 Qual Bulletin
CVE-2017-14888 wlan host  Buffer Copy without Checking Size of Input in WLAN 201805 Qual Bulletin
CVE-2017-15832 wlan host Buffer Overwrite 201805 Qual Bulletin
CVE-2017-15854 wlan host Integer Overflow 201805 Qual Bulletin
CVE-2017-18070 wlan host Integer Overflow 201805 Qual Bulletin
CVE-2018-3565 wlan host Buffer Copy without Checking Size of Input in WLAN 201805 Qual Bulletin
CVE-2018-5851 wlan host Improper Validation of Array Index 201805 Qual Bulletin
CVE-2017-14890 wlan host Improper Validation of Array Index in WLAN 201804 Qual Bulletin
CVE-2017-14894 wlan host Improper Validation of Array Index in WLAN 201804 Qual Bulletin
CVE-2017-15836 wlan host Integer Overflow 201804 Qual Bulletin
CVE-2018-3566 wlan host Buffer Copy without Checking Size of Input in WLAN 201804 Qual Bulletin
CVE-2018-3567 wlan host Buffer Copy without Checking Size of Input in WLAN 201804 Qual Bulletin
CVE-2018-3568 wlan host Buffer Copy without Checking Size of Input in WLAN 201804 Qual Bulletin
CVE-2018-5828 wlan host Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN 201804 Qual Bulletin
CVE-2017-11082 wlan host Buffer Copy without Checking Size of Input in WLAN 201803 Qual Bulletin
CVE-2017-18148 display Buffer Overflow 201803 Qual Bulletin
CVE-2017-14885 wlan host Integer Overflow to Buffer Overflow in WLAN 201803 Qual Bulletin
CVE-2017-14887 wlan host Buffer Copy without Checking Size of Input in WLAN 201803 Qual Bulletin
CVE-2017-14889 wlan host Improper Input Validation in WLAN 201803 Qual Bulletin
CVE-2017-15821 wlan host Improper Input Validation in WLAN 201803 Qual Bulletin
CVE-2017-15830 wlan host Improper Validation of Array Index in WLAN 201803 Qual Bulletin
CVE-2017-15831 wlan host Integer Overflow 201803 Qual Bulletin
CVE-2017-18150 touch Possible heap overwrite in touchscreen driver 201803 Qual Bulletin
CVE-2017-9723 Touch Buffer Overflow 201802 Qual Bulletin
CVE-2017-15823 wlan host Improper Input Validation in WLAN 201802 Qual Bulletin
CVE-2017-11030 mdss hdmi driver Use of Out-of-range Pointer Offset in Display 201712 Qual bulletin
CVE-2017-11033 coresight-tmc driver UAF 201712 Qual bulletin
CVE-2017-9722 mdss hdmi Buffer Overflow 201712 Qual bulletin
CVE-2016-5863 hidev driver Array Overflow 201710 Qual bulletin
CVE-2017-6421 touch controller driver Buffer Overflow 201710 Qual bulletin
CVE-2017-8257 sde_rotator driver UAF 201710 Qual bulletin

Huawei

CVE Number Type Bulletin
CVE-2015-8223 Dos huawei advisories 2015-11
CVE-2015-8679 Dos huawei advisories 2016-02
CVE-2015-8678 Dos huawei advisories 2016-02
CVE-2016-8768 Elevation of privilege huawei advisories 2016-10
CVE-2015-7740 Dos huawei advisories 2015-11
CVE-2015-8225 Dos huawei advisories 2015-12
CVE-2015-8226 Dos huawei advisories 2015-12
CVE-2017-0509 Elevation of privilege huawei advisories 2016-12

About

This project contains pocs and exploits for vulneribilities I found (mostly)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published