Share
## https://sploitus.com/exploit?id=FC72E969-2359-543D-BA67-FFB9519EE88B
# CVE-2026-43499 Detector

Android app that detects the kernel vulnerability **CVE-2026-43499** โ€” a use-after-free in `rtmutex` triggered via `futex_requeue`.

## Vulnerability

| | |
|---|---|
| **CVE** | CVE-2026-43499 |
| **Type** | Use-after-free |
| **Component** | `kernel/locking/rtmutex.c` |
| **Trigger** | `futex_requeue` โ†’ proxy-lock rollback in `remove_waiter()` uses `current` instead of `waiter->task` |
| **CVSS** | 7.8 (HIGH) |
| **Affected** | Linux 2.6.39 โ€“ 6.1.174 |
| **Patched** | 6.18.27+, 6.12.86+, 6.6.140+, 6.1.175+ |

## How it works

1. Checks kernel version against known-patched releases. If the kernel is at or above a patched version, reports **safe** immediately.
2. Otherwise, runs a native PoC binary (shipped via `jniLibs`, executed from `nativeLibraryDir`).
3. For 5 attempts:
   - Starts the binary
   - Waits 5 seconds
   - Sends **SIGTERM**
   - Waits 5 seconds for the process to die
4. If the process survives SIGTERM in any attempt (stuck in D-state) โ†’ **vulnerable**.
5. If all 5 attempts are killable โ†’ **patched**.
6. Waits an additional 5 seconds after the last attempt.

Binary bitness is auto-detected from `Build.SUPPORTED_ABIS`.

## Requirements

- Android 7.0+ (API 24)
- ARM (32-bit build: `armeabi-v7a`)

## Tech stack

- Kotlin
- Jetpack Compose
- Material Deisgn 3
- Single-activity architecture

## Build

```bash
./gradlew assembleDebug
```

APK output: `app/build/outputs/apk/debug/app-debug.apk`

## Links

- [CVE-2026-43499 (NVD)](https://nvd.nist.gov/vuln/detail/CVE-2026-43499)
- [PoC source code](https://github.com/NebuSec/CyberMeowfia/blob/main/IonStack/CVE-2026-43499/poc/poc.c)

## Kernel patches

| Kernel | Repository |
|--------|------------|
| 3.4 | [acroreiser/android_kernel_lge_hammerhead](https://github.com/acroreiser/android_kernel_lge_hammerhead) |
| 3.10 | [acroreiser/android_kernel_lenovo_a6010](https://github.com/acroreiser/android_kernel_lenovo_a6010) |
| 4.4 | [acroreiser/android_kernel_samsung_universal8895](https://github.com/acroreiser/android_kernel_samsung_universal8895) |
| 4.9 | [Lenovo-Z5s/android_kernel_lenovo_sdm710](https://github.com/Lenovo-Z5s/android_kernel_lenovo_sdm710) |
| 4.9 | [ximi-daisy-test/android_kernel_xiaomi_msm8953](https://github.com/ximi-daisy-test/android_kernel_xiaomi_msm8953) |

## Warning

Running the test on a vulnerable device may cause a kernel crash or spontaneous reboot. Proceed at your own risk.