EIP-2026-100022

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100022. PoCs published by Google Security Research.

AI-analyzed exploit summary This is a technical writeup detailing a privilege escalation vulnerability in the Android One (sprout) wireless driver due to an unsafe copy_from_user operation in the IOCTL_GET_STRUCT handler. The analysis includes kernel crash logs and references a PoC (hello-jni.tar.gz) that redirects execution to 0x40404040, demonstrating arbitrary code execution.

Description

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/39629

View Code ZIP pw:eip

This is a technical writeup detailing a privilege escalation vulnerability in the Android One (sprout) wireless driver due to an unsafe copy_from_user operation in the IOCTL_GET_STRUCT handler. The analysis includes kernel crash logs and references a PoC (hello-jni.tar.gz) that redirects execution to 0x40404040, demonstrating arbitrary code execution.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Android One (sprout) wireless driver (kernel 3.10.57)

No auth needed

Prerequisites: Android device with vulnerable wireless driver · App with android.permission.INTERNET

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details