Proof-of-concept code for CVE-2019-14040
More details about the vulnerability are available in the blog post.
If you have any questions, you are welcome to DM me on Twitter (@tamir_zb).
In order to build, run Android NDK's ndk-build
.
In order to run the PoC, run the binary using the following command:
LD_PRELOAD=libQSEEComAPI.so ./qseecom_uaf
Make sure to run it from a context where /dev/qseecom
is accessible.
Running this on a Pixel 3 running Android 9 causes the kernel to panic. In theory this PoC should work on other Android devices and versions without any modifications but I have not tested it.