timwr/CVE-2019-2215

Crashing on EPOLL_CTL_DEL

Zoir opened this issue · 5 comments

Zoir commented

If a device crashes on doing EPOLL_CTL_DEL does that mean that the device is not vulnerable?

I was wondering the same thing. If I wait, systemui crashes, and then the device locks up.

Ok, so it looks like we need these device-specific values for each device:

https://github.com/timwr/CVE-2019-2215/blob/master/poc.c#L201

Zoir commented

I don't think that is the issue because those values are only used after the EPOLL_CTL_DEL. I could be mistaken though.

Someone help me with this. Does this work on a virtual device or emulator, or on a Pixel 2?
Give me an email or something.

timwr commented

I've pushed some code that does a quick hexdump on vulnerable devices (instead of rebooting/locking them up).
We need offsets (or the ability to dynamically lookup the correct offsets) in order to get root.