Vulnerability Details : CVE-2016-10225
Public exploit exists!
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Exploit prediction scoring system (EPSS) score for CVE-2016-10225
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2016-10225
-
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
Disclosure Date: 2016-04-30First seen: 2020-04-26exploit/multi/local/allwinner_backdoorThis module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4. Vulnerable OS: all OS images available for Orange Pis, any for FriendlyA
CVSS scores for CVE-2016-10225
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-10225
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10225
-
https://forum.armbian.com/index.php?/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
Security Alert for Allwinner sun8i (H3/A83T/H8) - Allwinner H2 & H3 - Armbian forumMailing List;Third Party Advisory
-
https://irclog.whitequark.org/linux-sunxi/2016-04-29#16314390
#linux-sunxi on 2016-04-29 — irc logs at whitequark.orgIssue Tracking;Third Party Advisory
-
https://www.rapid7.com/db/modules/exploit/multi/local/allwinner_backdoor
Allwinner 3.4 Legacy Kernel Local Privilege EscalationExploit;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/02/15/9
oss-security - Re: CVE request: sunxi-debug (root privilege escalation in Allwinner kernel)Mailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/10/05/16
oss-security - CVE request: sunxi-debug (root privilege escalation in Allwinner kernel)Mailing List;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/93442
Allwinner Linux kernel 'sunxi-debug.c' Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2016-10225
- cpe:2.3:o:allwinner:linux-3.4-sunxi:-:*:*:*:*:*:*:*