Giters

DirtyDroidX / disclosures

A place for disclosing things

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

disclosures

CVEs

  • "Get Super Serial" CVE-2015-2231 & CVE-2015-2232 Chain from an application with internet permissions to a system uid, then from a system uid to root. This is mainly due to an extremely weak firmware upgrade system calls "ADUPS" which has failed to have any type of response. While the two specific CVEs directly correlate to a few Blu phones, it appears to be used by many other lower-end phones.

About

A place for disclosing things