Edward Hung

4 exploits Active since Aug 2015
CVE-2015-6640 NOMISEC HIGH WORKING POC
Android < 5.1.1 LMY49F and 6.0 < 2016-01-01 - Privilege Escalation or Denial of Service via VMA List Corruption
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
11 stars
CVSS 7.8
CVE-2015-6637 NOMISEC HIGH WORKING POC
Android < 5.1.1 LMY49F and 6.0 < 2016-01-01 - Privilege Escalation via MediaTek misc-sd Driver
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
7 stars
CVSS 7.8
CVE-2015-0568 NOMISEC HIGH WORKING POC
Linux Kernel 3.0-3.19.8 - Use-After-Free in MSM-Camera Driver via ioctl Call
Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
4 stars
CVSS 7.8
CVE-2015-3636 NOMISEC WORKING POC
Linux kernel <4.0.3 - Use After Free
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
4 stars