Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Fork
My adaptation for the SM-F926U from the original exploit here
HUGE thanks to m-y-mo for discovering the exploit and his extreme patience with all my questions to port this to SM-F926U and make it useable
I've added a startup daemon (libtimelineso) based on code from Shizuku
Added a dirty trick to allow the temp root solution to be stable (see below)
Disclaimer: I am