{"vulnerability": "CVE-2022-2018", "sightings": [{"uuid": "1e7eb94b-c9bc-4dbb-8407-09cce2c66b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/poxek/2467", "content": "#Android #CVE\n\nCorrupting memory without memory corruption\nCVE-2022-20186\n\n\u0412 \u044d\u0442\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e CVE-2022-20186, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u044f\u0434\u0440\u0430 GPU Arm Mali, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u044f\u0434\u0440\u0430 \u043e\u0442 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043d\u0430 Pixel 6. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043c\u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c root \u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c SELinux. \u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u0447\u0435\u0440\u043a\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u043b\u044c\u043d\u044b\u0435 \u043f\u0440\u0438\u043c\u0438\u0442\u0438\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u043a\u043e\u0434\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432 GPU.", "creation_timestamp": "2022-09-07T13:00:04.000000Z"}, {"uuid": "135d885b-1496-4ab7-b1c4-c69ba158a72d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/178", "content": "Corrupting memory without memory corruption\n\nAn article by Man Yue Mo about exploiting CVE-2022-20186, an integer overflow in the Arm Mali GPU driver.\n\nThe bug allows mapping arbitrary physical pages to the GPU memory with both read and write access. The exploit gets arbitrary kernel code execution on Pixel 6, disables SELinux, and gains root.", "creation_timestamp": "2022-08-02T23:52:26.000000Z"}, {"uuid": "1726c7e6-70a1-4352-a707-661b9e8f3f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20180", "type": "seen", "source": "https://t.me/cibsecurity/47970", "content": "\u203c CVE-2022-20180 \u203c\n\nIn several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212804042References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T18:32:11.000000Z"}, {"uuid": "f7e1939e-b1fc-4a4b-ba20-331aaa9103ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2018", "type": "seen", "source": "https://t.me/cibsecurity/44125", "content": "\u203c CVE-2022-2018 \u203c\n\nA vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T20:33:39.000000Z"}, {"uuid": "88c5e23e-a70c-4db3-8245-6653346f59b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20181", "type": "seen", "source": "https://t.me/cibsecurity/44500", "content": "\u203c CVE-2022-20181 \u203c\n\nProduct: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:20:16.000000Z"}, {"uuid": "9e80c7bf-8d30-4ef7-bedc-3adb997864b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "seen", "source": "https://t.me/cibsecurity/44526", "content": "\u203c CVE-2022-20186 \u203c\n\nIn kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-215001024References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:31.000000Z"}, {"uuid": "70d221d1-1664-4860-abf1-63f4b9999eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20184", "type": "seen", "source": "https://t.me/cibsecurity/44522", "content": "\u203c CVE-2022-20184 \u203c\n\nProduct: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T18:26:23.000000Z"}, {"uuid": "fa43101a-f816-4f57-b059-705920e74b8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-20186", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6487", "content": "#exploit\n1. CVE-2022-20186:\nVulnerability in the Arm Mali GPU kernel driver\nhttps://github.blog/2022-07-27-corrupting-memory-without-memory-corruption\n\n2. Overkill - QNAP QTS Exploit\nhttps://github.com/jbaines-r7/overkill", "creation_timestamp": "2022-07-29T12:00:21.000000Z"}]}