The 2015 Pwnie Nominee For Best Privilege Escalation Bug

PingPongRoot (CVE-2015-3636)

Credit: memeda, wushi, idl3r, Qoobee

KeenTeam has released a root privilege escalation exploit called pingpongroot, which roots Galaxy S6 and more coming soon. It exploits a use-after-free Linux kernel bug triggered via two connections over a ping socket. The exploit works on Android devices >= 4.3, including the latest 64bit Android devices and bypasses PXN kernel isolation. This work is being presented at Black Hat USA 2015 by Keen team member Wen Xu.’