180
GitHub - jiayy/android_vuln_poc-exp: This project contains pocs and exploits for...
source link: https://github.com/jiayy/android_vuln_poc-exp
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Vulnerabilities Discovered By Me (mostly)
| CVE Number | Feature | Keywords | Bulletin |
|---|---|---|---|
| CVE-2016-0805 | perf_event_open | Buffer Overflow, OOB | Android bulletin 2016-02 |
| CVE-2016-0844 | msm ipa driver | Array Overflow, OOB | Android bulletin 2016-04 |
| CVE-2016-3869 | bcmdhd driver | Array Overflow, OOB | Android bulletin 2016-09 |
| CVE-2016-3865 | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-09 |
| CVE-2016-3866 | msm sound driver | Buffer Overflow, OOB | Android bulletin 2016-09 |
| CVE-2016-3867 | msm ipa driver | Race Heap Overflow | Android bulletin 2016-09 |
| CVE-2016-3935 | msm crypto driver | Integer Overflow | Android bulletin 2016-10 |
| CVE-2016-5195 | |||
| CVE-2016-6690 | msm sound driver | Arbitrary Address Write | Android bulletin 2016-10 |
| CVE-2016-3901 | msm crypto driver | Heap Overflow | Android bulletin 2016-10 |
| CVE-2016-3940 | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-10 |
| CVE-2016-6672 | touchscreen driver | Stack Overflow, OOB | Android bulletin 2016-10 |
| CVE-2016-6738 | msm crypto driver | Arbitrary Address Write | Android bulletin 2016-11 |
| CVE-2016-3906 | msm core driver | Info Leak | Android bulletin 2016-11 |
| CVE-2016-6725 | qcom crypto driver | Integer Overflow | Android bulletin 2016-11 |
| CVE-2016-6740 | msm camera driver | Stack Overflow | Android bulletin 2016-11 |
| CVE-2016-6741 | msm camera driver | Stack Overflow | Android bulletin 2016-11 |
| CVE-2016-6742 | touchscreen driver | Heap Overflow | Android bulletin 2016-11 |
| CVE-2016-6744 | touchscreen driver | Stack Overflow | Android bulletin 2016-11 |
| CVE-2016-6745 | touchscreen driver | Race Heap Overflow | Android bulletin 2016-11 |
| CVE-2016-8464 | bcmdhd driver | Heap Overflow, OOB | Android bulletin 2017-01 |
| CVE-2017-0434 | Synaptics touchscreen driver | Race Condition UAF | Android bulletin 2017-02 |
| CVE-2017-0446 | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-02 |
| CVE-2017-0447 | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-02 |
| CVE-2017-0432 | mtk driver | Array Overflow, OOB | Android bulletin 2017-02 |
| CVE-2017-0524 | htc touchscreen driver | Race Condition UAF | Android bulletin 2017-03 |
| CVE-2017-0536 | Synaptics touchscreen driver | Info Leak | Android bulletin 2017-03 |
| CVE-2017-0329 | tegra driver | Buffer Overflow, OOB | Android bulletin 2017-04 |
| CVE-2017-6426 | Qualcomm SPMI driver | Info Leak | Android bulletin 2017-04 |
| CVE-2017-0332 | tegra crypto driver | Buffer Overflow, OOB | Android bulletin 2017-04 |
| CVE-2016-10285 | msm mdss driver | Info Leak | Android bulletin 2017-05 |
| CVE-2016-10288 | qcom led driver | UAF | Android bulletin 2017-05 |
| CVE-2016-10290 | qcom sharedmem driver | Race Condition UAF | Android bulletin 2017-05 |
| CVE-2017-0624 | qcom wlan driver | Race Condition UAF | Android bulletin 2017-05 |
| CVE-2016-10294 | qcom power management driver | Race Condition infoleak | Android bulletin 2017-05 |
| CVE-2016-10295 | qcom led driver | Race Condition infoleak | Android bulletin 2017-05 |
| CVE-2016-10296 | qcom sharedmem driver | Race Condition infoleak | Android bulletin 2017-05 |
| CVE-2017-8243 | qcom soc driver | Buffer Overflow, OOB | Android bulletin 2017-07 |
| CVE-2017-8266 | msm video driver | Race Condition UAF | Android bulletin 2017-07 |
| CVE-2017-8270 | msm wlan driver | Race Condition UAF | Android bulletin 2017-07 |
| CVE-2017-0744 | tegra sound driver | Buffer Overflow, OOB | Android bulletin 2017-08 |
| CVE-2017-9691 | MobiCore driver | Race Condition Info Leak | Android bulletin 2017-08 |
| CVE-2017-10997 | msm pci driver | Buffer Overflow, OOB | Android bulletin 2017-09 |
| CVE-2017-8244 | msm vidc debugfs driver | Buffer Overflow, OOB | Android bulletin 2017-12 |
| CVE-2017-18153 | N | OOB | Android bulletin 2018-05 |
| CVE-2018-11302 | N | OOB | Android bulletin 2019-09 |
| cve-2018-5855 | N | OOB | Android bulletin 2019-04 |
| cve-2018-11905 | N | OOB | Android bulletin 2019-04 |
| CVE-2018-11825 | N | OOB | Android release acknowledgements |
| CVE-2018-13890 | N | OOB | Android release acknowledgements |
| CVE-2019-2299 | N | OOB | Android release acknowledgements |
| CVE-2019-2302 | N | OOB | Android release acknowledgements |
| CVE-2019-2312 | N | OOB | Android release acknowledgements |
| CVE-2019-2314 | N | OOB | Android release acknowledgements |
| CVE-2019-9248 | N | OOB | Android release acknowledgements |
| CVE-2019-9386 | N | OOB | Android release acknowledgements |
| CVE-2019-9448 | N | OOB | Android release acknowledgements |
| CVE-2019-9449 | N | OOB | Android release acknowledgements |
| CVE-2019-9450 | N | OOB | Android release acknowledgements |
| CVE-2019-9451 | N | OOB | Android release acknowledgements |
| CVE-2019-9452 | N | OOB | Android release acknowledgements |
| CVE-2019-10506 | N | OOB | Android release acknowledgements |
| CVE-2017-14888 | N | OOB | Android release acknowledgements |
| CVE-2018-11302 | N | OOB | Android release acknowledgements |
| CVE-2019-10542 | N | OOB | Android release acknowledgements |
| cve-2019-2206 | N | OOB | Android bulletin 2019-11 |
| cve-2019-2297 | N | OOB | Android bulletin 2019-10 |
| cve-2019-10566 | N | OOB | Android bulletin 2019-10 |
| CVE-2019-10584 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0055 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0056 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0057 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0058 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0059 | N | OOB | Android bulletin 2020-03 |
| CVE-2020-0005 | N | OOB | Android bulletin 2020-02 |
Qualcomm
| CVE Number | Feature | Keywords | Bulletin |
|---|---|---|---|
| cve-2019-10584 | video | overread | 201912 Qual Bulletin |
| cve-2019-10563 | wlan host | Buffer Overflow | 201910 Qual Bulletin |
| cve-2019-2302 | wlan host | Buffer Overflow | 201910 Qual Bulletin |
| cve-2019-10542 | wlan host | Buffer Overflow | 201909 Qual Bulletin |
| cve-2019-2312 | wlan host | Buffer Overflow | 201907 Qual Bulletin |
| cve-2019-2314 | display | uaf | 201907 Qual Bulletin |
| cve-2018-5883 | wlan host | Buffer Overflow | 201905 Qual Bulletin |
| cve-2018-5911 | wlan host | Buffer Overflow | 201905 Qual Bulletin |
| cve-2018-11905 | dsp | Buffer Overflow | 201904 Qual Bulletin |
| cve-2018-11293 | N | Overflow | 201809 Qual Bulletin |
| cve-2018-11297 | wlan host | Buffer Overflow | 201809 Qual Bulletin |
| cve-2018-11302 | wlan host | Buffer Overflow | 201809 Qual Bulletin |
| cve-2018-11886 | wlan host | Buffer Overflow | 201809 Qual Bulletin |
| CVE-2018-3577 | wlan host | Integer Overflow toBuffer Overflow | 201807 Qual Bulletin |
| CVE-2018-5830 | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer | 201807 Qual Bulletin |
| CVE-2018-5864 | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer | 201807 Qual Bulletin |
| CVE-2018-5855 | wlan host | buffer over-read | 201807 Qual Bulletin |
| CVE-2017-14883 | wlan host | Integer Over flow | 201805 Qual Bulletin |
| CVE-2017-14884 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201805 Qual Bulletin |
| CVE-2017-14888 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201805 Qual Bulletin |
| CVE-2017-15832 | wlan host | Buffer Overwrite | 201805 Qual Bulletin |
| CVE-2017-15854 | wlan host | Integer Overflow | 201805 Qual Bulletin |
| CVE-2017-18070 | wlan host | Integer Overflow | 201805 Qual Bulletin |
| CVE-2018-3565 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201805 Qual Bulletin |
| CVE-2018-5851 | wlan host | Improper Validation of Array Index | 201805 Qual Bulletin |
| CVE-2017-14890 | wlan host | Improper Validation of Array Index in WLAN | 201804 Qual Bulletin |
| CVE-2017-14894 | wlan host | Improper Validation of Array Index in WLAN | 201804 Qual Bulletin |
| CVE-2017-15836 | wlan host | Integer Overflow | 201804 Qual Bulletin |
| CVE-2018-3566 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201804 Qual Bulletin |
| CVE-2018-3567 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201804 Qual Bulletin |
| CVE-2018-3568 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201804 Qual Bulletin |
| CVE-2018-5828 | wlan host | Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN | 201804 Qual Bulletin |
| CVE-2017-11082 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201803 Qual Bulletin |
| CVE-2017-18148 | display | Buffer Overflow | 201803 Qual Bulletin |
| CVE-2017-14885 | wlan host | Integer Overflow to Buffer Overflow in WLAN | 201803 Qual Bulletin |
| CVE-2017-14887 | wlan host | Buffer Copy without Checking Size of Input in WLAN | 201803 Qual Bulletin |
| CVE-2017-14889 | wlan host | Improper Input Validation in WLAN | 201803 Qual Bulletin |
| CVE-2017-15821 | wlan host | Improper Input Validation in WLAN | 201803 Qual Bulletin |
| CVE-2017-15830 | wlan host | Improper Validation of Array Index in WLAN | 201803 Qual Bulletin |
| CVE-2017-15831 | wlan host | Integer Overflow | 201803 Qual Bulletin |
| CVE-2017-18150 | touch | Possible heap overwrite in touchscreen driver | 201803 Qual Bulletin |
| CVE-2017-9723 | Touch | Buffer Overflow | 201802 Qual Bulletin |
| CVE-2017-15823 | wlan host | Improper Input Validation in WLAN | 201802 Qual Bulletin |
| CVE-2017-11030 | mdss hdmi driver | Use of Out-of-range Pointer Offset in Display | 201712 Qual bulletin |
| CVE-2017-11033 | coresight-tmc driver | UAF | 201712 Qual bulletin |
| CVE-2017-9722 | mdss hdmi | Buffer Overflow | 201712 Qual bulletin |
| CVE-2016-5863 | hidev driver | Array Overflow | 201710 Qual bulletin |
| CVE-2017-6421 | touch controller driver | Buffer Overflow | 201710 Qual bulletin |
| CVE-2017-8257 | sde_rotator driver | UAF | 201710 Qual bulletin |
Huawei
| CVE Number | Type | Bulletin |
|---|---|---|
| CVE-2015-8223 | Dos | huawei advisories 2015-11 |
| CVE-2015-8679 | Dos | huawei advisories 2016-02 |
| CVE-2015-8678 | Dos | huawei advisories 2016-02 |
| CVE-2016-8768 | Elevation of privilege | huawei advisories 2016-10 |
| CVE-2015-7740 | Dos | huawei advisories 2015-11 |
| CVE-2015-8225 | Dos | huawei advisories 2015-12 |
| CVE-2015-8226 | Dos | huawei advisories 2015-12 |
| CVE-2017-0509 | Elevation of privilege | huawei advisories 2016-12 |
Exploits
| CVE Number | Feature | Device |
|---|---|---|
| CVE-2015-5165 | qemu | ubuntu |
| CVE-2015-7504 | qemu | ubuntu |
| CVE-2016-3935 | msm crypto driver | nexus 6p |
| CVE-2016-0844 | msm ipa driver | nexus 6p |
| CVE-2016-6038 | msm crypto driver | nexus 6p |
| CVE-2016-2411 | Qualcomm Power Management driver | nexus 5x |
| CVE-2016-2434 | NVIDIA video driver | nexus 9 |
| CVE-2016-2435 | NVIDIA video driver | nexus 9 |
| CVE-2016-3857 | linux kernel | nexus 7 |
| CVE-2016-2384 | double-free in USB MIDI driver | linux pc |
| CVE-2016-9793 | signedness issue with SO_SNDBUFFORCE and SO_RCVBUFFORCE socket options | linux pc |
| CVE-2017-6074 | double-free in DCCP protocol | linux pc |
| CVE-2017-7308 | signedness issue in AF_PACKET sockets | linux pc |
| CVE-2017-1000112 | memory corruption due to UFO to non-UFO path switch | linux pc |
| CVE-2018-17182 | cache invalidation bug in linux | linux pc |
| CVE-2018-18281 | uaf caused by TLB late flush | pixel2 |
| CVE-2019-13272 | PTRACE_TRACEME local root on x86-64 | ubuntu |
| CVE-2019-13272 | PTRACE_TRACEME local root on aarch64 | ubuntu |
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK