CVE-2021-39685
HIGH
Android - Out-of-bounds Write in USB Gadget Subsystem
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-39685. PoCs published by szymonh.
AI-analyzed exploit summary
This repository contains a functional exploit PoC for CVE-2021-39685, which allows an attacker to read or write up to 65k bytes of kernel memory by exploiting improper handling of wLength in USB gadget control request handlers (rndis, hid, uac1, uac1_legacy, uac2). The provided Python script demonstrates memory dumping and arbitrary write capabilities.
Description
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-210292376
References: Upstream kernel
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H