Correct firmware versions.

m-y-mo · m-y-mo · commit bad40af81145 · 2021-03-16T16:01:02.000Z
diff --git a/SecurityExploits/Android/Qualcomm/CVE-2020-11239/README.md b/SecurityExploits/Android/Qualcomm/CVE-2020-11239/README.md
@@ -2,7 +2,7 @@
 
 The write up can be found [here](https://securitylab.github.com/research/one_day_short_of_a_fullchain_android). This is a bug in the Qualcomm kgsl driver I reported in July 2020. The GitHub Advisory can be found [here](https://securitylab.github.com/advisories/GHSL-2020-375-kgsl). The bug can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain.
 
-The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXUATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683. The offsets in the exploit refers to that version of the firmware. For different models of phones, the macro `DMA_ADDRESS`, which indicates the address of the SWIOTLB buffer, will also need to be changed.
+The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3ATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683. The offsets in the exploit refers to that version of the firmware. For different models of phones, the macro `DMA_ADDRESS`, which indicates the address of the SWIOTLB buffer, will also need to be changed.
 
 The exploit is reasonably reliable, although it does need to wait a few minutes after start up, after the kernel activities settled down before running.
 
diff --git a/SecurityExploits/Chrome/SandboxEscape/GHSL-2020-165/README.md b/SecurityExploits/Chrome/SandboxEscape/GHSL-2020-165/README.md
@@ -13,7 +13,7 @@ symbol_level = 1
 blink_symbol_level = 1
 ```
 
-The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXUATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683. The offsets in the exploit assume this version of the firmware. For other firmware, use the offsets in the corresponding libraries `libhwui.so` and `libc.so` under `system/lib64`. (64 bit) It requires production firmware on the phone and would fail on emulators and phones with development firmware (i.e. OS built from AOSP source) The actual offsets of these libraries also needs to be updated to the ones obtained from the compromised renderer.
+The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3ATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683. The offsets in the exploit assume this version of the firmware. For other firmware, use the offsets in the corresponding libraries `libhwui.so` and `libc.so` under `system/lib64`. (64 bit) It requires production firmware on the phone and would fail on emulators and phones with development firmware (i.e. OS built from AOSP source) The actual offsets of these libraries also needs to be updated to the ones obtained from the compromised renderer.
 
 It should succeed most of the time and rarely crash. If successful, it'll run the shell command in the `command` variable in the file `payment_request_clip.html`, which would create a file called `pwn` under the directory `/data/data/org.chromium.chrome/`. It can be replaced with other shell commands.
 
