As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.
d251f615016ad2f13d1ac6b46b510c797add40d6d16be9da1091512713543876
Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability.
d3e8df02ad2ff3dcdcf65ecac7602a7b7a92dabfacf78b38ce1d773ee6732c0d
As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.
5c188675a5f0bb9b4a4a2e92aeb5426c41a9d970faee7de29a34102d938f6483
Stack buffer overflow and information disclosure vulnerabilities exist in the Samsung OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY.
4be8f76a129448aa3f0cabbae41989cd16d89dc95b8f9b129a48d198c0e109be
Android suffers from a heap overflow vulnerability in the tlc_server via the LOAD_TUI_RESOURCE command.
86e702bdd1d488d4d30b48a6d40d70980efaf82cea8187080028d215fe150b1f
As of Android Nougat, a new set of SELinux rules has been added, designed to prevent system_server from loading arbitrary code into its address space. However, as system_server is extremely privileged, there are a few vectors through which it may still load arbitrary code, thus bypassing the mitigation mentioned above.
24c10a0d6f4d42cf96eb11a1f2c3700f98a0275e04324e2cd9fff3a0af399fed
Because of a design bug in IOMX, the user-supplied sizes in the GET_PARAMETER and SET_PARAMETER calls are discarded before calling into the responsible OMX code paths. This has led to a variety of overflow-type bugs.
245303f62a985e2c7f94eea5fb4db0d07c7e4c06a7618c0e4bce59602d707a4c
Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between processes by providing an ashmem-mapped file descriptor containing the Bitmap's raw pixel data. The android.graphics.Bitmap class illegally assumes that the size of the ashmem region provided by the user matches the actual underlying size of the Bitmap.
043a3329589da90bcd2c6c0063a9bb264211f6a7b9a85049fc1e91ac861f231e
Local privilege escalation exploit for Qualcomm's Secure Execution Environment (QSEE) that leverages PRDiag* commands.
5b72bda07562bc29d06783e77f7af87f375f1b00dbff74e3b5d146090d024e10