Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1805 PoC — Linux kernel‘fs/pipe.c’本地内存损坏漏洞

Source
https://github.com/mobilelinux/iovy_root_research
Associated Vulnerability
Title:Linux kernel‘fs/pipe.c’本地内存损坏漏洞 (CVE-2015-1805)
Description:The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
Description
A root tool based on the [CVE-2015-1805 vulnerability](https://access.redhat.com/security/cve/cve-2015-1805)  It supports 32 and 64bit, get sys call table address via swi.
Readme
Inspired by [dosomder/iovyroot] (https://github.com/dosomder/iovyroot)
A root tool based on the [CVE-2015-1805 vulnerability](https://access.redhat.com/security/cve/cve-2015-1805)

It supports 32 and 64bit, get sys call table address via swi. ref to [Getting sys_call_table on Android](https://www.nowsecure.com/blog/2013/03/13/getting-sys-call-table-on-android/)
File Snapshot

 [4.0K]  /data/pocs/429c63be5b8ee2691a25302ef18d919f5b3807c1
├── [4.0K]  jni
│   ├── [ 843]  Android.mk
│   ├── [  41]  Application.mk
│   ├── [4.0K]  common
│   │   ├── [ 315]  Android.mk
│   │   ├── [1.9K]  exp_sys_call.c
│   │   ├── [ 999]  exp_sys_call.h
│   │   ├── [6.7K]  getroot.c
│   │   ├── [ 337]  getroot.h
│   │   ├── [1.2K]  kallsyms.c
│   │   ├── [ 960]  kallsyms.h
│   │   ├── [1.3K]  log.h
│   │   └── [3.1K]  threadinfo.h
│   ├── [4.0K]  expIov
│   │   ├── [ 325]  Android.mk
│   │   ├── [ 139]  exp_iov.h
│   │   ├── [2.3K]  flex_array.c
│   │   ├── [4.0K]  include
│   │   │   └── [1.5K]  flex_array.h
│   │   └── [6.5K]  iov_exp_main.c
│   └── [ 522]  main.cpp
└── [ 364]  README.md

4 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →