CVE-2018-18281 is a Linux kernel use-after-free (UAF) caused by a late TLB flush.
Jann Horn is a security researcher from Project Zero; I changed his exploit into a pure C project and kicked the Java app part out.
Where the exploit was tested
It was tested on a Pixel 2 with fingerprint: google/walleye/walleye:9/PQ1A.181105.017.A1/5081125:user/release-keys
How to use
- run "sh compile.sh" to build the exploit
- run "adb push libs/arm64-v8a/_exp /data/local/tmp/"
- run "adb push libs/arm64-v8a/exp /data/local/tmp/"
- run "adb shell" to log in to the Pixel 2, then run "/data/local/tmp/exp"