Type Name Latest commit message Commit time
Android.mk
Application.mk add exploits for CVE-2018-18281 Mar 4, 2019
arm_shellcode.s add exploits for CVE-2018-18281 Mar 4, 2019
compile.sh add exploits for CVE-2018-18281 Mar 4, 2019
exp.c
makefile add exploits for CVE-2018-18281 Mar 4, 2019
readme.md
watchdog.c modify readme.md for CVE-2018-18281 Mar 6, 2019

readme.md

the bug

CVE-2018-18281 is a Linux kernel use-after-free (UAF) caused by a late TLB flush.

the author

Jann Horn is a security researcher from Project Zero. I changed his exploit into a pure C project and kicked the Java app part out.

where the exp was tested

It was tested on a Pixel 2 with fingerprint: google/walleye/walleye:9/PQ1A.181105.017.A1/5081125:user/release-keys

how to use

  • run "sh compile.sh" to build the exploit
  • run "adb push libs/arm64-v8a/_exp /data/local/tmp/"
  • run "adb push libs/arm64-v8a/exp /data/local/tmp/"
  • run "adb shell" to log in to the Pixel 2, then run '/data/local/tmp/exp'

analysis about the bug && exploit

Analysis of CVE-2018-18281 (in Chinese)
