mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
samsung exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!
ogresavage said:
mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
samsung exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!
Click to expand...
Click to collapse
I just installed Belarc Security and it discovered the first issues with the two others, 4220. 4221, 4222, not sure if I should be concerned...
Hi all,
Today I'm pleased to announce a fix for stagefright's security flaws, which doesn't require to disable stagefright, and doesn't require stagefright sources either.
The sources, including a detailed README is available at:
https://github.com/archos-sa/security-binary/tree/master/stagefright-ANDROID-20139950
The purpose of this contribution is to propose a systematic approach able to quickly to re-generate firmwares that addresses the 2015 libstagefright CVEs by relying on binary patching method.
This method is relevant when dealing with platforms for which the source code has not been released publicly.
This proposed process is illustrated with 2015 libstagefright CVEs but can be further extended to capture other upcoming security fixes.
Surprisingly these fixes do not pass the Zimperium vulnerability test apk because this apk directly checks libstagefright.so without going through Mediaserver.
Obviously this is not intended for Cyanogenmod type of ROMd that most likely already implement proper fixes in their source code.
Included in the git tree are some prebuilts files, targetting AOSP 4.2, 4.4, and MTK baseline 4.2 and 4.4.
This has been tested on Nexus 4 4.4 (aosp4.4 prebuilt), a spreadtrum 4.4 device (aosp 4.4 prebuilt), several mtk 4.2 and 4.4 devices (mtk4.2 and mtk4.4 prebuilts). I believe it should work as-is on Qualcomm-baseline 4.4 as well (aosp4.4 prebuilt).
I am trying to run a program which require at least kernel version of 3.11 and so far now I cannot find any android phone devices which fullfil this requirement. Furthermore I need a list of devices for which cyanogenmod official/unofficial is available alongwith kernel source code. I would really appreciated the developers on this forum to put those devices.
Thanks alot.....
So Recently i have read that the MTK chipsets do not support open source and are therefore mocked at by several users, I just want to ask that NOT SUPPORTING open source means that after rooting the phone having an MTK chipset will we able to customize it as we want like installing a new custom ROM or installing battery enhancer apps or even using Xposed Modules???? PLEASE ANSWER LOOKING FORWARD TO BUY THE REAL ME 1.
Google released the patch ASB-2019-08-05 that fix several bugs that could allow for escalation of privilege.
https://source.android.com/security/bulletin/2019-08-01.html
Those are:
CVE-2019-2120
CVE-2019-2121
CVE-2019-2122
CVE-2019-2125
CVE-2019-2128
CVE-2019-2131
CVE-2019-2132
CVE-2019-2133
CVE-2019-2134
CVE-2019-2127
The patch commit is located here:
https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2019-08-05_4.4
and diffs here:
https://android.googlesource.com/ke...19-08-05_4.4^1..refs/tags/ASB-2019-08-05_4.4/
or
https://android.googlesource.com/ke...19-08-05_4.4^2..refs/tags/ASB-2019-08-05_4.4/
For those who did not apply the patch, it's a chance to root devices, like me who have a locked Verizon Pixel 2 XL.
I'm sharing the idea here in case someone can do it quicker, as I know there are people here with much more hacking knowledge than me.
Anyway, I will look into how to exploit it to get root privilege.