Back to all manufacturers

HTC

HTC is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.

HTC has a FUM score of 2.6.

Zysploit

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: system
• Details: Takes advantage of a setuid vulnerability (few details available) [citation-needed]
• Discovered by: Joshua Wise [zysploit-rootwiki][archived] on: Unknown
• Reported on: 2010-09-07 [zysploit-rootwiki][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: Up to 2.2 [zysploit-rootwiki][archived] regex: (1.[0-9].[0-9])|(2.[0-1].[0-9])
• Affected devices: Sprint EVO 4G (HTC Supersonic), Droid Incredible (HTC Incredible), HTC Desire GSM, HTC Desire CDMA (HTC BravoC), HTC Aria, Droid Eris (HTC DesireC), HTC Wildfire (HTC Buzz) [zysploit-rootwiki][archived]
• Affected manufacturers: HTC [zysploit-rootwiki][archived]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-03

TacoRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: permissions
• Details: HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode [gh-cunninglogic-tacoroot][archived]
• Discovered by: Justin Case (jcase) and Dan Rosenberg [gh-cunninglogic-tacoroot-sh][archived] on: 2012-01-01 [gh-cunninglogic-tacoroot-fc]
• Reported on: 2011-12-29 [rootzwiki-tacoroot][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: HTC [rootzwiki-tacoroot][archived]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07

Diaggetroot

(json)

• CVE numbers: CVE-2012-4220 [kc-blog-diaggetroot][archived]
• Coordinated disclosure?: false
• Categories: system
• Details: A vulnerability in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver allows arbitrary code execution or denial of service via a call to diagchar_ioctl [kc-blog-diaggetroot][archived]
• Discovered by: goroh kun [android-paper], giantprune [kc-blog-diaggetroot][archived] on: Unknown
• Reported on: 2012-12-28 [xda-developers-diaggetroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 2.3 to 4.2 [kc-blog-diaggetroot][archived] regex: (2.[3-9].[0-9])|(3.[0-9].[0-9])|(4.[0-2].[0-9])
• Affected devices: HTC J Butterfly [android-paper]
• Affected manufacturers: HTC [android-paper]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08

libperf_event

(json)

• CVE numbers: CVE-2013-2094 [cve-mitre-libperf-event]
• Coordinated disclosure?: false
• Categories: kernel
• Details: The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. [cve-mitre-libperf-event]
• Discovered by: Hiroyuki Ikezoe [android-paper] on: Unknown
• Reported on: Unknown
• Fixed on: 2013-04-25 [linux-3-8-9-launchpad]
• Fix released on: Unknown
• Affected versions: 4.0 to 4.3.1 [android-paper] regex: (4.[0-2].[0-9])|(4.3.[0-1])
• Affected devices: Nexus 4, and some Japanese models from HTC, Fujitsu, Sharp, Sony and LG models [android-paper]
• Affected manufacturers: HTC [android-paper], Fujitsu [android-paper], Sharp [android-paper], Sony [android-paper], LG [android-paper]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08

WeakSauce

(json)

• CVE numbers: CVE-2014-3847 [twitter-jcase-weaksaucecve]
• Coordinated disclosure?: false
• Categories:
• Details: WeakSauce is an exploit for some HTC devices. It was compatible with the HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
• Discovered by: jcase [xda-developers-weaksauce] on: Unknown
• Reported on: 2014-03-29 [xda-developers-weaksauce]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: HTC One m7 & m7 on Verizon [xda-developers-weaksauce]
• Affected manufacturers: HTC [xda-developers-weaksauce]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

Full TrustZone

(json)

• CVE numbers:
• Coordinated disclosure?: true
• Categories: kernel, system
• Details: A vulnerability in a modified kernel means that a series of exploits can be used to obtain access to the Trusted Execution Environment [msm8974-pt1][archived]
• Discovered by: Gal Beniamini (laginimaineb) [msm8974-pt3][archived] on: Unknown
• Reported on: 2014-09-19 [msm8974-pt3][archived]
• Fixed on: 2014-10-01 [msm8974-pt3][archived]
• Fix released on: Unknown
• Affected versions: Crafted ROM based on 4.4.4 [msm8974-pt3][archived] regex: 4.4.4
• Affected devices: All devices using the MSM8974 SoCMSM8974 SoC [msm8974-pt3][archived]
• Affected manufacturers: Samsung [msm8974-pt3][archived], HTC [msm8974-pt3][archived], LG [msm8974-pt3][archived], Sony [msm8974-pt3][archived], OnePlus [msm8974-pt3][archived], Acer [msm8974-pt3][archived], Asus [msm8974-pt3][archived], Gionee [msm8974-pt3][archived], ZTE [msm8974-pt3][archived], Sharp [msm8974-pt3][archived], Pantech [msm8974-pt3][archived], Lenovo [msm8974-pt3][archived], Oppo [msm8974-pt3][archived], Vivo [msm8974-pt3][archived], IUNI [msm8974-pt3][archived], Hisense [msm8974-pt3][archived], Coolpad [msm8974-pt3][archived], Xiaomi [msm8974-pt3][archived], InFocus [msm8974-pt3][archived]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-09

PingPongRoot

(json)

• CVE numbers: CVE-2015-3636 [avs-test-pingpong][archived]
• Coordinated disclosure?: false
• Categories:
• Details: Wen Xu and wushi of KeenTeam discovered that users allowed to create ping sockets can use them to crash the system and, on 32-bit architectures, for privilege escalation. However, by default, no users on a Debian system have access to ping sockets. [dsa-3290]
• Discovered by: Wen Xu and wushi of KeenTeam [dsa-3290] on: Unknown
• Reported on: 2015-05-08 [xda-developers-pingpongroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: Samsung Galaxy S6 Edge [xda-developers-pingpongroot], HTC One (M9) [xda-developers-pingpongroot], Samsung Galaxy S6 [xda-developers-pingpongroot]
• Affected manufacturers: Samsung [xda-developers-pingpongroot], HTC [xda-developers-pingpongroot]
• Fixed versions: 5.0.2,5.1.1 [xda-developers-pingpongroot]
• Submission: by: Daniel R. Thomas, on: 2016-03-18; by: Stephan Kollmann, on: 2015-10-14

CVE-2017-0563

(json)

• CVE numbers: CVE-2017-0563 [Bulletin-CVE-2017-0563]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in HTC touchscreen driver
• Details: An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. [NIST-CVE-2017-0563]
• Discovered by: Roee Hay (@roeehay) of Aleph Research, HCL Technologies [Discovery-CVE-2017-0563] on: Unknown
• Reported on: 2017-04-01 [Bulletin-CVE-2017-0563]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: HTC [Bulletin-CVE-2017-0563]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-26