chengjia4574

32 exploits Active since Feb 2016
CVE-2017-8244 GITHUB HIGH c WORKING POC
Google Android - Race Condition
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, the variables "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" can be modified by different threads at the same time, but they are not protected by a mutex or lock. A buffer overflow is possible under a race condition. "buffer->curr" itself can also be overwritten, which means it may point anywhere in kernel memory (as a write target).
8 stars
CVSS 7.0
CVE-2017-8266 GITHUB HIGH c WORKING POC
Google Android - Race Condition
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
8 stars
CVSS 7.0
CVE-2017-8270 GITHUB HIGH c WORKING POC
Google Android - Race Condition
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.
8 stars
CVSS 7.0
CVE-2017-9691 GITHUB MEDIUM c WORKING POC
Android for MSM/Firefox OS for MSM/QRD Android - Memory Corruption
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows access to already freed memory in the debug message output functionality contained within the mobicore driver.
8 stars
CVSS 4.7
CVE-2019-13272 GITHUB HIGH c WORKING POC
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
8 stars
CVSS 7.8
CVE-2016-3866 GITHUB HIGH c WORKING POC
Qualcomm sound driver - Privilege Escalation
The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.
8 stars
CVSS 7.8
CVE-2016-5195 GITHUB HIGH c WORKING POC
Canonical Ubuntu Linux < 3.2.83 - Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
8 stars
CVSS 7.0