PoCs for my CVEs can be found on my GitHub: https://github.com/ScottyBauer/Android_Kernel_CVE_POCs

Most bugs have been found via code review or custom fuzzers. CVE List may not be fully up-to-date with issues I have found internally while working at Qualcomm.

List of my CVEs:

CVE-2021-35130
CVE-2021-35089
CVE-2020-11137
CVE-2020-11140
CVE-2020-11143
CVE-2020-11138
CVE-2020-3691
CVE-2020-3685
CVE-2020-3686
CVE-2019-10585
CVE-2019-14093
CVE-2019-9296
CVE-2018-9441
CVE-2018-9430
CVE-2018-5835
CVE-2017-11068
CVE-2017-11094
CVE-2017-11095
CVE-2017-17772
CVE-2017-15835
CVE-2018-9388
CVE-2018-9355
CVE-2018-9380
CVE-2017-14878
CVE-2017-15817 (Was CVE-2017-15815?)
CVE-2017-9686
CVE-2017-13160
CVE-2017-8250
CVE-2017-9714
CVE-2017-11015
CVE-2017-11013
CVE-2017-11014
CVE-2017-11053
CVE-2017-0740
CVE-2017-9680
CVE-2017-8259
CVE-2017-8260
CVE-2017-0705
CVE-2016-5861
CVE-2016-10274
CVE-2016-5857 Reported to Qcom
CVE-2016-5856 Reported to Qcom
CVE-2016-5855 Reported to Qcom
CVE-2016-5854 Reported to Qcom
CVE-2017-0576 Shared with Derrek
CVE-2017-0339
CVE-2017-0562
CVE-2017-0521
CVE-2017-0504
CVE-2017-0516
CVE-2017-0451
CVE-2017-0405
CVE-2016-6693 (shared with Seven Shen from Trend Micro Mobile Threat Research Team)
CVE-2016-3936
CVE-2016-3928
CVE-2016-3902
CVE-2016-3937
CVE-2016-6696
CVE-2016-6516
CVE-2016-2474 (Shared with Maciej Szawłowski of the Google Security Team. -- Original patch was incorrect and a new stack overflow was introduced. The issue was merged into this CVE)
CVE-2016-3868
CVE-2016-3867
CVE-2016-3893
CVE-2016-3813
CVE-2016-2469
CVE-2016-2502 alt link
CVE-2016-5829
CVE-2016-2501 alt link
CVE-2016-3794
CVE-2016-3797
CVE-2016-3813
CVE-2016-3815
CVE-2016-2469
CVE-2016-2061 alt link
CVE-2016-2066 alt link
CVE-2016-2064
CVE-2016-2065
CVE-2016-2489 alt link
CVE-2016-2465
CVE-2016-2445 (Shared with Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360)
CVE-2016-0822
CVE-2014-3164