Mathias Payer

4 exploits Active since Dec 2018
CVE-2022-20361 NOMISEC CRITICAL WORKING POC
Android - Privilege Escalation
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832
19 stars
CVSS 9.8
CVE-2020-15802 NOMISEC MEDIUM WORKING POC
Bluetooth Core Specification < 5.1 - Authentication Bypass
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
19 stars
CVSS 5.9
CVE-2018-19824 WRITEUP HIGH WRITEUP
Linux kernel <4.19.6 - Use After Free
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
CVSS 7.8
CVE-2018-20169 WRITEUP MEDIUM WRITEUP
Linux kernel <4.19.9 - Buffer Overflow
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVSS 6.8