Missed to report this PoC....
Now it goes public:
https://github.com/V-E-O/PoC/tree/master/CVE-2017-0641
Patch:https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb
06-14 18:28:57.741 11710 11710 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
06-14 18:28:57.741 11710 11710 F DEBUG : Build fingerprint: 'google/angler/angler:7.0/NBD90X/3254009:user/release-keys'
06-14 18:28:57.741 11710 11710 F DEBUG : Revision: '0'
06-14 18:28:57.741 11710 11710 F DEBUG : ABI: 'arm'
06-14 18:28:57.742 11710 11710 F DEBUG : pid: 10085, tid: 11705, name: gle.vp9.decoder >>> media.codec <<<
06-14 18:28:57.742 11710 11710 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
06-14 18:28:57.742 11710 11710 F DEBUG : r0 00000000 r1 00000000 r2 0ad3c210 r3 00000000
06-14 18:28:57.742 11710 11710 F DEBUG : r4 f2672fa0 r5 0000e304 r6 0000c30d r7 0000c30c
06-14 18:28:57.742 11710 11710 F DEBUG : r8 f2677404 r9 f1b039d4 sl f2672fa0 fp f2672fa0
06-14 18:28:57.742 11710 11710 F DEBUG : ip 00000000 sp f1b038d4 lr f3011ad4 pc f3f8a6e4 cpsr 200f0010
06-14 18:28:57.746 11710 11710 F DEBUG :
06-14 18:28:57.746 11710 11710 F DEBUG : backtrace:
06-14 18:28:57.746 11710 11710 F DEBUG : #00 pc 000176e4 /system/lib/libc.so (memset+48)
06-14 18:28:57.746 11710 11710 F DEBUG : #01 pc 0001dad0 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #02 pc 00013b3c /system/lib/libstagefright_soft_vpxdec.so (vp9_init_context_buffers+12)
06-14 18:28:57.746 11710 11710 F DEBUG : #03 pc 00017ab0 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #04 pc 000178f0 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #05 pc 00014248 /system/lib/libstagefright_soft_vpxdec.so (vp9_decode_frame+1068)
06-14 18:28:57.746 11710 11710 F DEBUG : #06 pc 0001e228 /system/lib/libstagefright_soft_vpxdec.so (vp9_receive_compressed_data+1104)
06-14 18:28:57.746 11710 11710 F DEBUG : #07 pc 0000f604 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #08 pc 00010348 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #09 pc 0000f4c8 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #10 pc 0000e150 /system/lib/libstagefright_soft_vpxdec.so
06-14 18:28:57.746 11710 11710 F DEBUG : #11 pc 0000fbe4 /system/lib/libstagefright_soft_vpxdec.so (vpx_codec_decode+100)
06-14 18:28:57.746 11710 11710 F DEBUG : #12 pc 0000c6eb /system/lib/libstagefright_soft_vpxdec.so (_ZN7android7SoftVPX13onQueueFilledEj+298)
06-14 18:28:57.746 11710 11710 F DEBUG : #13 pc 0002223d /system/lib/libstagefright_omx.so (_ZN7android22SimpleSoftOMXComponent17onMessageReceivedERKNS_2spINS_8AMessageEEE+272)
06-14 18:28:57.746 11710 11710 F DEBUG : #14 pc 0002325d /system/lib/libstagefright_omx.so
06-14 18:28:57.746 11710 11710 F DEBUG : #15 pc 0000ea25 /system/lib/libstagefright_foundation.so (_ZN7android8AHandler14deliverMessageERKNS_2spINS_8AMessageEEE+24)
06-14 18:28:57.746 11710 11710 F DEBUG : #16 pc 00010bf5 /system/lib/libstagefright_foundation.so (_ZN7android8AMessage7deliverEv+60)
06-14 18:28:57.746 11710 11710 F DEBUG : #17 pc 0000f58d /system/lib/libstagefright_foundation.so (_ZN7android7ALooper4loopEv+380)
06-14 18:28:57.746 11710 11710 F DEBUG : #18 pc 0000e3c5 /system/lib/libutils.so (_ZN7android6Thread11_threadLoopEPv+264)
06-14 18:28:57.746 11710 11710 F DEBUG : #19 pc 00047003 /system/lib/libc.so (_ZL15__pthread_startPv+22)
06-14 18:28:57.746 11710 11710 F DEBUG : #20 pc 00019e1d /system/lib/libc.so (__start_thread+6)
订阅:
博文评论 (Atom)
Google Pixel modem.img mod for Chinese carriers
Carriers in China like China Telecom was stuck on CSFB mode of 4G NOT globally popular VOLTE mode, so most cell-phones not selling in China ...
-
Carriers in China like China Telecom was stuck on CSFB mode of 4G NOT globally popular VOLTE mode, so most cell-phones not selling in China ...
-
BBR is a new congestion control algorithm developed at Google, which was supported in Linux 4.9. Arch may be needed to switch to testing ...
-
Thanks to the great findings of CVE-2016-5195, you can check the detail in the link. Dirty COW vulnerability: https://dirtycow.ninja/ PoC...
没有评论:
发表评论