Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dirtycow exploit - a serious risk for us currently #37

jcadduono opened this Issue Nov 4, 2016 · 4 comments


None yet
5 participants
Copy link

jcadduono commented Nov 4, 2016

Everyone who is maintaining a kernel in the project please consider patching your kernel ASAP and submitting a pull request.


It should apply mostly cleanly over the proper kernel major versions. Use git am xx.patch, and then use patch -p1 < xx.patch if it fails followed by git am --continue.

This is a serious issue because NetHunter kernels are almost always running in permissive due to the complication of injecting massive amounts of policies to cover the chroot. In permissive, this gives ANY android app limited root access to your device.

Example exploit:
(yes, I used dirtycow to root a device, it's also a friendly exploit in the right hands!)

People could take my exploit and change a few things to do much worse things than flash a recovery partition.

Safely patched kernels

  • Galaxy Note 7 (1.4+)
  • Galaxy S7 (1.4+)
  • Galaxy S7 edge (1.4+)
  • Nexus 6 (CyanogenMod, 2.4+)
  • Jiayu S3 Advanced (1.0+)
  • ZTE Axon 7

This comment has been minimized.

Copy link

discipuloosho commented Nov 7, 2016


This comment has been minimized.

Copy link

DKingCN commented Nov 17, 2016

I checked and found the kernel of Jiayu S3 already patched.


This comment has been minimized.

Copy link

ariafan commented Apr 28, 2017

[ido] is already patched


This comment has been minimized.

Copy link

lavanoid commented Apr 14, 2019

One M8 patched. Just waiting for my pull request to be accepted, then I can provide a new zImage.


lavanoid added a commit to lavanoid/nethunter-devices that referenced this issue Apr 15, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.