CVE-2016-10225
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
27/03/2017
Last modified:
20/04/2025
Description
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:allwinner:linux-3.4-sunxi:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:allwinner:a83t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:allwinner:h3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:allwinner:h8:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2016/10/05/16
- http://www.openwall.com/lists/oss-security/2017/02/15/9
- http://www.securityfocus.com/bid/93442
- https://forum.armbian.com/index.php?%2Ftopic%2F1108-security-alert-for-allwinner-sun8i-h3a83th8%2F=
- https://irclog.whitequark.org/linux-sunxi/2016-04-29#16314390
- https://www.rapid7.com/db/modules/exploit/multi/local/allwinner_backdoor
- http://www.openwall.com/lists/oss-security/2016/10/05/16
- http://www.openwall.com/lists/oss-security/2017/02/15/9
- http://www.securityfocus.com/bid/93442
- https://forum.armbian.com/index.php?%2Ftopic%2F1108-security-alert-for-allwinner-sun8i-h3a83th8%2F=
- https://irclog.whitequark.org/linux-sunxi/2016-04-29#16314390
- https://www.rapid7.com/db/modules/exploit/multi/local/allwinner_backdoor