Proof-of-concept code for CVE-2019-14041
More details about the vulnerability are available in the blog post.
If you have any questions, you are welcome to DM me on Twitter (@tamir_zb).
In order to build, run Android NDK's ndk-build
.
In order to run the PoC, make sure to run it from a context where
/dev/qseecom
is accessible.
Running this on a Pixel 3 running Android 9 causes the kernel to panic. In theory this PoC should work on other Android devices and versions without any modifications but I have not tested it.