szymonh

5 exploits Active since Oct 2021
CVE-2021-39685 NOMISEC HIGH WORKING POC
Android - Out-of-bounds Write in USB Gadget Subsystem
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel
14 stars
CVSS 7.8
CVE-2022-25375 NOMISEC MEDIUM WORKING POC
Linux kernel <5.16.10 - Info Disclosure
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
8 stars
CVSS 5.5
CVE-2021-3625 NOMISEC CRITICAL WORKING POC
Zephyr 2.5.0-2.6.9 - Heap-based Buffer Overflow in USB DFU DNLOAD
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
7 stars
CVSS 9.6
CVE-2022-20009 NOMISEC MEDIUM WORKING POC
Android - Local Privilege Escalation
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213172319References: Upstream kernel
3 stars
CVSS 6.8
CVE-2022-25258 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.16.10 - Memory Corruption via USB Gadget Interface OS Descriptor Request
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
CVSS 4.6