Back to all years

2012

TacoRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: permissions
• Details: HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode [gh-cunninglogic-tacoroot][archived]
• Discovered by: Justin Case (jcase) and Dan Rosenberg [gh-cunninglogic-tacoroot-sh][archived] on: 2012-01-01 [gh-cunninglogic-tacoroot-fc]
• Reported on: 2011-12-29 [rootzwiki-tacoroot][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: HTC [rootzwiki-tacoroot][archived]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07

NachoRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: permissions
• Details: On ASUS Transformer Pime /data/sensors/AMI304_Config.ini is set world writable on boot and so a /data/local.prop symlink attack can be mounted [gh-cunninglogic-nachoroot-sh][archived]
• Discovered by: Justin Case (jcase) [gh-cunninglogic-nachoroot-sh][archived] on: 2012-01-03 [gh-cunninglogic-nachoroot]
• Reported on: 2012-01-03 [xda-nachoroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: ASUS Transformer Prime [gh-cunninglogic-nachoroot]
• Affected manufacturers: Asus [gh-cunninglogic-nachoroot]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2014-07-21; by: Thomas Coudray, on: 2014-03-07

TPSparkyRoot

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: system
• Details: A bug in chmod, mkdir and chown mean that they fail when the last element of their target path is a symlink [android-commit-tpsparkyroot]
• Discovered by: sparkym3 [xda-forum-tpsparkyroot] on: Unknown
• Reported on: 2012-01-11 [xda-forum-tpsparkyroot]
• Fixed on: Unknown
• Fix released on: 2012-05-02 [android-commit-tpsparkyroot]
• Affected versions: 4.0-4.0.4 [citation-needed] regex: 4.0.[0-4]
• Affected devices:
• Affected manufacturers:
• Fixed versions: 4.0.4_r2 [android-commit-tpsparkyroot]
• Submission: by: Daniel Carter, on: 2019-07-03

mempodroid - mempodripper - mem exploit

(json)

• CVE numbers: CVE-2012-0056 [mempodroid-cve-mitre]
• Coordinated disclosure?: false
• Categories: kernel
• Details: The mem_write function in the Linux kernel does not properly check permissions, allowing a user to gain privileges [mempodroid-cve-mitre]
• Discovered by: Jay Freeman (saurik) [xda-forum-mempodroid] on: 2012-01-24 [xda-forum-mempodroid]
• Reported on: 2012-01-24 [xda-forum-mempodroid]
• Fixed on: 2012-01-17 [citation-needed]
• Fix released on: Unknown
• Affected versions: 4.0.1-4.0.3 [citation-needed] regex: 4.0.[1-3]
• Affected devices: Acer A200 Tablet, Galaxy Nexus, Motorola RAZR, Nexus S, Asus Transformer Prime [android-paper]
• Affected manufacturers: Acer [android-paper], Samsung [android-paper], Motorola [android-paper], Asus [android-paper]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-03

Qualcomm Integer oveflow diagnostics

(json)

• CVE numbers: CVE-2012-4220 [CVE-2012-4220], CVE-2012-4221 [CVE-2012-4221], CVE-2012-4222 [CVE-2012-4222]
• Coordinated disclosure?: true
• Categories: kernel
• Details: QCIR-2012-00001-1: Multiple security vulnerabilities have been discovered in the handling of the diagchar_ioctl() and kgsl_ioctl() system call parameters for the diagnostics (DIAG) and KGSL graphics kernel drivers for Android. [QCIR-2012-00001-1][archived]
• Discovered by: giantpune@gmail.com [QCIR-2012-00001-1][archived] on: 2012-04-30 [giantpune-email0]
• Reported on: 2012-11-15 [QCIR-2012-00001-1][archived]
• Fixed on: 2012-11-16 [QCIR-2012-00001-1][archived]
• Fix released on: Unknown
• Affected versions: 2.3 -- 4.2 released from CAF [QCIR-2012-00001-1][archived] regex:
• Affected devices:
• Affected manufacturers: Qualcomm [QCIR-2012-00001-1][archived]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2013-09-02; by: giantpune, on: 2014-10-17

Qualcomm missing checks put_user get_user

(json)

• CVE numbers: CVE-2013-6282 [QCIR-2013-00010-1][archived]
• Coordinated disclosure?: false
• Categories: kernel
• Details: Missing access checks in put_user/get_user kernel API (CVE-2013-6282 QCIR-2013-00010-1): The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain switching feature (CONFIG_CPU_USE_DOMAINS), which has been deprecated due to architectural changes. As a result, any kernel code using these API functions may introduce a security issue where none existed before. This allows an application to read and write kernel memory to, e.g., escalated privileges. [QCIR-2013-00010-1][archived]
• Discovered by: Unknown, used in vroot exploit [QCIR-2013-00010-1][archived] on: 2013-09-06 [xda-developers-vroot]
• Reported on: 2013-09-06 [xda-developers-vroot]
• Fixed on: 2012-09-07 [msm-check_user_pointer-patch], 2013-07-15 [msm-check_user_pointer-patch]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [QCIR-2013-00010-1][archived]
• Fixed versions:
• Submission: by: Daniel R. Thomas, on: 2013-11-20

Samsung GPU DMA

(json)

• CVE numbers:
• Coordinated disclosure?: true
• Categories: kernel
• Details: [talks.cam-46303]
• Discovered by: Janis Danisevskis janis@sec.t-labs.tu-berlin.de from Technische Universität Berlin [citation-needed] on: 2012-09-30 [citation-needed]
• Reported on: 2013-04-04 [citation-needed]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Samsung [citation-needed]
• Fixed versions:
• Submission:

LG Lit

(json)

• CVE numbers:
• Coordinated disclosure?: true
• Categories: kernel
• Details: Bug in LG backlight driver allows gaining root from local user [androidforums-lit][archived]
• Discovered by: giantpune [giantpune-email0] on: 2012-10-31 [giantpune-email0]
• Reported on: 2012-10-25 [androidforums-lit][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices: LG LM3530 backlight driver devices [androidforums-lit][archived], L38C [androidforums-lit-package][archived]
• Affected manufacturers: LG [androidforums-lit][archived]
• Fixed versions:
• Submission: by: giantpune, on: 2014-10-17

JavaScript to Java

(json)

• CVE numbers: CVE-2012-6636 [js-to-java-cve]
• Coordinated disclosure?: unknown
• Categories: system
• Details: The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710. [js-to-java-cve]
• Discovered by: on: Unknown
• Reported on: 2012-12-21 [d3adend-js-to-java][archived]
• Fixed on: Unknown
• Fix released on: 2012-10-29 [js-to-java-paper]
• Affected versions: 4.1 and below [d3adend-js-to-java][archived] regex: ([1-3].[0-9].[0-9])|(4.[0-1].[0-9])
• Affected devices: all [js-to-java-paper]
• Affected manufacturers: all [js-to-java-paper]
• Fixed versions: 4.2 and above (additional fix in 4.4.3 [js-to-java-paper]
• Submission: by: Daniel Carter, on: 2019-07-30

camera-isp - camera-sysr - Vcodec

(json)

• CVE numbers:
• Coordinated disclosure?: false
• Categories: system
• Details: An exploit on MTK-based devices using the Framaroot app. Actually consists of three exploits: Boromir (camera-isp), Faramir (camera-sysr) and Barahir (Vcodec). [boromir-techglobule][archived]
• Discovered by: alephzain [azimuth-exynos][archived] on: Unknown
• Reported on: 2012-12-15 [azimuth-exynos][archived]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.0 (and possibly some later version [azimuth-exynos][archived] regex:
• Affected devices: Many MTK-based devices [xda-framaroot-devices][archived]
• Affected manufacturers: Samsung [azimuth-exynos][archived]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08

exynosroot

(json)

• CVE numbers: CVE-2012-6422 [nist-exynosroot]
• Coordinated disclosure?: false
• Categories: system
• Details: A driver/kernel vulnerability allows the device /dev/exynos-mem access to all physical memory, meaning that any library with access to it can obtain root access [xda-developers-exynosroot]
• Discovered by: alephzain [xda-developers-exynosroot] on: Unknown
• Reported on: 2012-12-15 [xda-developers-exynosroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 4.0 (and possibly some later version [azimuth-exynos][archived] regex:
• Affected devices: Samsung Galaxy S2 [xda-developers-exynosroot], Samsung Galaxy Note 2 [xda-developers-exynosroot], MEIZU MX [xda-developers-exynosroot]
• Affected manufacturers: Samsung [xda-developers-exynosroot]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08

Diaggetroot

(json)

• CVE numbers: CVE-2012-4220 [kc-blog-diaggetroot][archived]
• Coordinated disclosure?: false
• Categories: system
• Details: A vulnerability in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver allows arbitrary code execution or denial of service via a call to diagchar_ioctl [kc-blog-diaggetroot][archived]
• Discovered by: goroh kun [android-paper], giantprune [kc-blog-diaggetroot][archived] on: Unknown
• Reported on: 2012-12-28 [xda-developers-diaggetroot]
• Fixed on: Unknown
• Fix released on: Unknown
• Affected versions: 2.3 to 4.2 [kc-blog-diaggetroot][archived] regex: (2.[3-9].[0-9])|(3.[0-9].[0-9])|(4.[0-2].[0-9])
• Affected devices: HTC J Butterfly [android-paper]
• Affected manufacturers: HTC [android-paper]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-08