Google Security Research

1,215 exploits. Active since May 2013.
EIP-2026-100038 EXPLOITDB text WORKING POC
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
EIP-2026-100037 EXPLOITDB text WRITEUP
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow
EIP-2026-100036 EXPLOITDB text WORKING POC
LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
EIP-2026-100035 EXPLOITDB text WORKING POC
LG G4 - Touchscreen Driver write_log Kernel Read/Write
EIP-2026-100034 EXPLOITDB text WORKING POC
LG G4 - lghashstorageserver Directory Traversal
EIP-2026-100033 EXPLOITDB text WORKING POC
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
EIP-2026-100032 EXPLOITDB text WORKING POC
Google Android max86902 Driver - 'sysfs' Interfaces Race Condition
CVE-2016-6772 EXPLOITDB HIGH text WORKING POC
Google Android - Access Control
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
CVSS 7.8
EIP-2026-100031 EXPLOITDB text WRITEUP
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation
EIP-2026-100030 EXPLOITDB text WORKING POC
Google Android - RKP Information Disclosure via s2-remapping Physical Ranges
CVE-2016-2417 EXPLOITDB CRITICAL text WORKING POC
Google Android - Access Control
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
CVSS 9.8
CVE-2017-0411 EXPLOITDB HIGH text WORKING POC
Google Android - TOCTOU Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.
CVSS 7.8
EIP-2026-100029 EXPLOITDB text WORKING POC
Google Android - Insufficient Binder Message Verification Pointer Leak
CVE-2016-0846 EXPLOITDB HIGH text WORKING POC
Android <4.4.4, <5.0.2, <5.1.1, <2016-04-01 - Privilege Escalation
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
CVSS 8.4
EIP-2026-100028 EXPLOITDB text WRITEUP
Google Android - getpidcon Usage binder Service Replacement Race Condition
CVE-2016-6689 EXPLOITDB MEDIUM text WORKING POC
Google Android < 7.0 - Information Disclosure
Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
CVSS 5.5
CVE-2017-0412 EXPLOITDB HIGH text WORKING POC
Google Android - TOCTOU Race Condition
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.
CVSS 7.8
EIP-2026-100027 EXPLOITDB text WRITEUP
Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption
EIP-2026-100026 EXPLOITDB text WRITEUP
Google Android - 'pm_qos' KASLR Bypass
CVE-2020-0009 EXPLOITDB MEDIUM text WORKING POC
Android - Privilege Escalation
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.
CVSS 5.5
EIP-2026-100025 EXPLOITDB text WORKING POC
Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index
EIP-2026-100024 EXPLOITDB text WORKING POC
Google Android - 'ih264d_process_intra_mb' Memory Corruption
EIP-2026-100023 EXPLOITDB text WORKING POC
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
CVE-2016-2494 EXPLOITDB HIGH text WORKING POC
Google Android - Access Control
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
CVSS 7.8
EIP-2026-100022 EXPLOITDB text WRITEUP
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation