Note that at this point I believed every tablet ran Android OS 4.2.2 Jelly Bean.
I found a great vulnerability resource at http://www.androidvulnerabilities.org/by/version/4.2.2 and in the end reviewed and tried out proof-of-concepts for every supported vulnerability listed.
Besides the generic Android OS vulnerabilities, it quickly became apparent that once the Android source went through the hands of Samsung developers and their product managers it gained many preinstalled user-facing and "hidden" apps, together with a scary amount of new vulnerabilities, which would later turn out to be a blessing in disguise.
I had never before gone down the rabbit hole of specific CVEs, and it was an exciting and educational journey for me, a Java-focused Android developer with moderate C/Linux knowledge. I felt humbled by the security researchers and disturbed by the amount of attack vectors - in such complex systems it seems you can only do damage control, you can never be fully secure, especially when considering the competition on the smartphone/tablet market, where companies have to innovate to stay on top and under-the-hood code security counts for much less than the newest buzzwords and product marketing requirements.
Going back to androidvulnerabilities.org, here's what I found out:
- libperf_event, TowelRoot/futex_requeue, ping_unhash
  Source: https://github.com/android-rooting-tools/android_run_root_shell
  I was not able to find a working PoC for my Intel tablet, or to compile a PoC from GitHub that would trigger these. It also seemed the Linux kernel Samsung chose for this tablet was different from what contemporary ARM Androids run on.
- Fake ID
  Source: https://github.com/boyliang/Android_FakeID_Exploit
  I had great fun with this - I found scripts to make an APK that could impersonate the Flash Player plugin and get executed from any WebView context, but there was no way to read the wpa_supplicant.conf file from there.
- Stagefright, ObjectInputStream deserializable
  Source: https://github.com/retme7/CVE-2014-7911_poc
  A family of various media file exploits. I'm sure it could be used to do anything to the tablet, but it required knowledge of assembly and crafting ROP chains, with few x86 examples, and was thus way out of my league. Same goes for CVE-2014-7911.
- dirtyc0w
  Source: https://dirtycow.ninja/
  Now we're getting somewhere! A powerful exploit in the right hands: one could overwrite any file (even on the read-only mounted /system partition) with data less than or equal in size to the target. And the Linux kernel version of my tablet was vulnerable! While it is ironic that the only suitable exploit only allows for write access and not actually reading the contents, this cow that rolled in the mud too much was the One.