Scott Bauer

6 exploits, active since Aug 2016
CVE-2017-8260 GITHUB HIGH c WORKING POC
Google Android - Out-of-Bounds Write
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
682 stars
CVSS 7.8
CVE-2017-0576 GITHUB HIGH c WORKING POC
Linux Kernel - Integer Overflow
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.
87 stars
CVSS 7.0
CVE-2016-6516 NOMISEC HIGH WORKING POC
Linux Kernel <4.7 - Privilege Escalation
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.
9 stars
CVSS 7.4
CVE-2017-0576 WRITEUP HIGH WORKING POC
Linux Kernel - Integer Overflow
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33544431. References: QC-CR#1103089.
CVSS 7.0
CVE-2017-8260 WRITEUP HIGH WORKING POC
Google Android - Out-of-Bounds Write
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
CVSS 7.8
CVE-2018-16658 WRITEUP MEDIUM WRITEUP
Linux kernel <4.18.6 - Info Disclosure
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
CVSS 6.1