CVE-2019-14041 PoC — 多款Qualcomm产品缓冲区错误漏洞

Source

https://github.com/tamirzb/CVE-2019-14041

Associated Vulnerability

Title:多款Qualcomm产品缓冲区错误漏洞 (CVE-2019-14041)
Description:Qualcomm MDM9206等都是美国高通（Qualcomm）公司的产品。MDM9206是一款中央处理器（CPU）产品。MDM9607是一款中央处理器（CPU）产品。SDX24是一款调制解调器。多款Qualcomm产品中的QTEE存在缓冲区错误漏洞，该漏洞源于在更新消息时程序没有对缓冲区的大小进行验证。攻击者可借助特制的文件利用该漏洞在系统上执行任意代码。以下产品及版本受到影响：Qualcomm APQ8009；APQ8017；APQ8053；APQ8096AU；APQ8098；MDM9206；MD

Description

PoC code for CVE-2019-14041

Readme

# CVE-2019-14041

Proof-of-concept code for CVE-2019-14041

More details about the vulnerability are available [in the blog post](https://blog.zimperium.com/multiple-kernel-vulnerabilities-affecting-all-qualcomm-devices).

If you have any questions, you are welcome to DM me on Twitter ([@tamir_zb](https://twitter.com/tamir_zb)).

## Build & Run

In order to build, run Android NDK's `ndk-build`.

In order to run the PoC, make sure to run it from a context where
`/dev/qseecom` is accessible.

## Result

Running this on a Pixel 3 running Android 9 causes the kernel to panic. In
theory this PoC should work on other Android devices and versions without any
modifications but I have not tested it.

File Snapshot


 [4.0K]  /data/pocs/842f35dbff5d9cca96aa2f3ffeaec288f2459313
├── [4.0K]  jni
│   ├── [ 143]  Android.mk
│   ├── [6.3K]  ion.h
│   ├── [6.0K]  msm_ion.h
│   ├── [ 11K]  qseecom.h
│   └── [5.7K]  qseecom_race.c
├── [ 34K]  LICENSE
└── [ 700]  README.md

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!