sparrow-labz

2 exploits Active since Oct 2020
CVE-2020-0423 NOMISEC HIGH WORKING POC
Android - Use-After-Free in binder_release_work
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A
5 stars
CVSS 7.8
CVE-2020-11179 NOMISEC HIGH WORKING POC
Qualcomm PM8350 - Out-of-bounds Read and Arbitrary Write via Ring Buffer Pointer Overwrite
Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
5 stars
CVSS 7.0