
CVE-2014-4322 PoC — QSEECOM driver for the Linux kernel security vulnerability

Associated Vulnerability
Title: QSEECOM driver for the Linux kernel security vulnerability (CVE-2014-4322)
Description: Android contributions for MSM is an Android MSM project whose main purpose is to build an Android platform that includes Qualcomm MSM chipsets. The QSEECOM driver is a driver that exposes an ioctl system-call interface through which user-space clients communicate with it. In the QSEECOM driver for the Linux kernel 3.x used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices, drivers/misc/q
Description
Gain privileges: system -> root, as a part of https://github.com/retme7/CVE-2014-7911_poc
Readme
# CVE-2014-4322_poc

PoC code works on Nexus Android 4.4/5.0
Gain privileges: system -> root, as a part of https://github.com/retme7/CVE-2014-7911_poc

author: retme (retme7@gmail.com)

@returnsme on twitter & @retme on weibo

website: retme.net

The exploit must be executed with system privilege and one of several specific SELinux contexts.
If the exploit succeeds, you will gain root privilege and the "kernel" SELinux context.

# bug info
https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322

# how to build

    ndk-build

# usage

* Kitkat:

run the exploit with system privilege

* Lollipop:

run the exploit with system privilege, with an SELinux context such as "keystore", "vold", "drmserver", "mediaserver" or "surfaceflinger"

If the exploit succeeds, you will gain root privilege and the "kernel" SELinux context.
File Snapshot

[4.0K] /data/pocs/fd7f5bce49f5f5aae838b4af271daf2b5e76323e
├── [4.0K] jni
│   ├── [ 280] Android.mk
│   ├── [  61] Application.mk
│   ├── [ 14K] msm.c
│   ├── [6.2K] qseecom.h
│   └── [ 238] shellcode.S
├── [ 11K] kernel.h
├── [4.0K] libs
│   └── [4.0K] armeabi
│       └── [ 13K] msdd
├── [4.0K] obj
│   └── [4.0K] local
│       └── [4.0K] armeabi
│           ├── [ 48K] msdd
│           └── [4.0K] objs
│               └── [4.0K] msdd
│                   ├── [ 22K] msm.o
│                   ├── [ 29K] msm.o.d
│                   ├── [1.4K] shellcode.o
│                   └── [ 563] shellcode.o.d
└── [ 835] README.md

8 directories, 13 files