Technical details have been published about the vulnerability of the Arm Mali GPU
January 26 2023

Technical details have been published about a vulnerability in the Arm Mali GPU that leads to RCE in the kernel and the rooting of Pixel 6 devices by a malicious application installed on the target device.

Tracked as CVE-2022-38181, the flaw has a CVSS score of 8.8 and is a use-after-free bug that affects Arm Mali driver versions prior to r40p0 (released October 7, 2022).

The problem, as explained by GitHub Security Lab researcher Man Yue Mo, involves a special type of GPU memory, JIT memory, and a special function for sending job chains to the GPU.

With CVE-2022-38181, malicious code can add a region of JIT memory to the eviction list and then create a memory shortage to trigger the vulnerable eviction, so that the JIT region is freed without the pointer to it being cleared.
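The lifecycle flaw described above, as an added example that is not code from the Mali driver or from the researcher: a toy user-space model in which a freed region stays referenced, next to one assumed mitigation (refusing to make owned JIT regions evictable). All type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
/* Toy user-space model. All names are hypothetical, not Mali driver symbols. */
#define NREGIONS 4
struct region { bool allocated, jit_owned, evictable; };
struct context {
    struct region pool[NREGIONS];
    struct region *jit_ref;   /* pointer the context keeps to its JIT region */
};

static struct region *jit_alloc(struct context *c) {
    for (size_t i = 0; i < NREGIONS; i++)
        if (!c->pool[i].allocated) {
            c->pool[i] = (struct region){ .allocated = true, .jit_owned = true };
            return c->jit_ref = &c->pool[i];
        }
    return NULL;
}

/* Request to put a region on the eviction list. */
static bool mark_evictable(struct region *r, bool hardened) {
    if (hardened && r->jit_owned)
        return false;         /* assumed mitigation: owned regions stay pinned */
    r->evictable = true;
    return true;
}

/* Memory shortage: free everything on the eviction list. */
static void shrink(struct context *c) {
    for (size_t i = 0; i < NREGIONS; i++)
        if (c->pool[i].allocated && c->pool[i].evictable)
            c->pool[i] = (struct region){ 0 };  /* freed; jit_ref untouched */
}

/* True when the context still points at a region that was freed. */
static bool has_dangling_jit_ref(const struct context *c) {
    return c->jit_ref != NULL && !c->jit_ref->allocated;
}

/* Runs the sequence from the text; reports whether a stale pointer remains. */
bool scenario_leaves_dangling_ref(bool hardened) {
    struct context c = { 0 };
    struct region *r = jit_alloc(&c);
    if (r == NULL)
        return false;
    mark_evictable(r, hardened);
    shrink(&c);
    return has_dangling_jit_ref(&c);
}
```

The model never touches freed memory; it only records that the reference outlived the region, which is the condition a reviewer or a lifetime-tracking test would look for.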

The researcher found that the freed JIT region can be replaced with a fake object, which can potentially be used to free arbitrary pages and then to gain read and write access to arbitrary memory.

The attacker then needs to map kernel code into the address space of the GPU to achieve arbitrary kernel code execution, which can be used to overwrite the credentials of the attacker's own process to get root and disable SELinux.

Man Yue Mo reported the vulnerability to the Android security team in July 2022 along with a PoC. Initially, the flaw was marked as having a high degree of severity, but then the report was forwarded to the Arm team.

According to the researcher, after Arm's October 2022 patch, Google included a fix for this vulnerability in the January 2023 security update for Pixel devices, but without mentioning the CVE identifier or the original bug information.

Comments:

    1. Amin (👨‍💼🅿🆁🅴🅼🅸🆄🅼)

      01 April 2024 09:02 32 comments

      I didn't expect it But it works Thanks

Publication information:

  • Author of the publication: AdequateSchizo
  • Date of publication: 26 January 2023 12:12
  • Publication category(s): Programming, Hacking
  • Number of views of the publication: 196
  • Number of comments to the publication: 1
