PT-2017-7822 · Allwinner · Allwinner 3.4 Legacy Kernel

H00Die

Published

2017-03-27

Updated

2021-04-21

CVE-2016-10225

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Allwinner 3.4 legacy kernel for H3, A83T and H8 devices

Description The issue allows local users to gain root privileges. This is achieved by sending "rootmydevice" to the /proc/sunxi debug/sunxi debug API endpoint.

Recommendations For Allwinner 3.4 legacy kernel for H3, A83T and H8 devices, consider restricting access to the /proc/sunxi debug/sunxi debug endpoint to prevent exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-10225

Affected Products

Allwinner 3.4 Legacy Kernel

PT-2017-7822 · Allwinner · Allwinner 3.4 Legacy Kernel

CVE-2016-10225

Weakness Enumeration

Related Identifiers

Affected Products

References · 8