CVE-2016-10225

HIGH

Allwinner linux-3.4-sunxi - Local Privilege Escalation via sunxi_debug Procfs Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-10225. PoCs published by h00die <[email protected]>, KotCzarny, including Metasploit module exploits/multi/local/allwinner_backdoor.

AI-analyzed exploit summary This Metasploit module exploits a debug backdoor in Allwinner SoC devices running Kernel 3.4, allowing local privilege escalation by writing to /proc/sunxi_debug/sunxi_debug. It generates and executes a payload to achieve root access.

Description

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.

Exploits (1)

metasploit WORKING POC EXCELLENT

by h00die <[email protected]>, KotCzarny · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/local/allwinner_backdoor.rb

View Code ZIP pw:eip

This Metasploit module exploits a debug backdoor in Allwinner SoC devices running Kernel 3.4, allowing local privilege escalation by writing to /proc/sunxi_debug/sunxi_debug. It generates and executes a payload to achieve root access.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Allwinner SoC devices (H3, A83T, H8) with Kernel 3.4

No auth needed

Prerequisites: Access to the target system · Presence of /proc/sunxi_debug/sunxi_debug

MITRE ATT&CK