By exploiting the majority of these, an attacker gains admin-level access to the system (local privilege escalation, or LPE), while two of them result in remote code execution (RCE).
The majority of the flaws that CISA added to its KEV database were made public in 2013 and were previously leveraged by the Tizi virus to root Android devices.
Android device rooting through the Linux kernel’s CVE-2013-6282 (LPE) -Linux kernel faulty input validation that permits read/write to memory [VROOT]
Stack-based buffer overflow in the Code Aurora audio driver, CVE-2013-2597 (LPE)
CVE-2013-2596 (LPE) – Integer overflow in the Linux kernel
Linux kernel privilege escalation, CVE-2013-2094
The 2010 Stuxnet worm, which destroyed the centrifuges at the Natanz uranium mine, was propagated via the first defect that CISA required government agencies to fix.