Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Patching CVE-2015-1474 -- Remotely exploitable graphics buffer overflow on my Nexus device (N5 5.0.1)

This is a brief guide on how I patched the CVE-2015-1474 for my Nexus 5 - 5.0.1. This involes downloading and building AOSP with the patch for the vuln applied. I have attached a pre-built patched version of libui.so for the Nexus5 5.0.1 in the case you are too lazy to build it yourself (and you trust me).

Building patched libui for your nexus device

repo init -u https://android.googlesource.com/platform/manifest -b android-5.0.1_r1
repo sync -j16

cd frameworks/native
# https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091%5E%21/#F0
git cherry-pick 2bc5e811a817a8c667bca4318ae98582b0ee6dc6
cd ../../

. build/envsetup
lunch #Select the device you are building for .. in my case : 22. aosp_hammerhead-userdebug

make -j8

Patching your device, if it's rooted:

adb shell su -c "mount -o rw,remount /dev/block/platform/msm_sdcc.1/by-name/system"
adb push out/target/product/hammerhead/system/lib/libui.so /data/local/tmp/
adb shell su -c "mv /system/lib/libui.so /system/lib/libui.so.bak"
adb shell su -c "cp /data/local/tmp/libui.so /system/lib/libui.so"
adb shell su -c "rm /data/local/tmp/libui.so"
adb shell su -c "chown 0.0 /system/lib/libui.so"
adb shell su -c "chmod 644 /system/lib/libui.so"
adb reboot

Patching your device if it's not rooted, but you have an unlocked bootloader:

note: I did not manually test these instructions:

#Put the device into fastboot mode either `adb reboot bootloader` or by holding vol down + pwr
# Boot CWM recovery:
fastboot boot <CWMRecovery

#Example: fastboot boot recovery-clockwork-touch-6.0.4.5-hammerhead.img
mount /system
adb shell mv /system/lib/libui.so /system/lib/libui.so.bak
adb push out/target/product/hammerhead/system/lib/libui.so /system/lib/libui.so
adb shell chown 0.0 /system/lib/libui.so
adb shell chmod 644 /system/lib/libui.so

#Reboot device

Check out Trustable as it should now show the GraphicsBuffer overflow as patched: Patched

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.