1337day-Exploits Posted September 8, 2020 Share Posted September 8, 2020 The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode disabled, which results in arbitrary kernel code execution. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
.webp.8407a83ac96563f75e1c428a1f0d4c3e.webp)
.webp.9a04cec050a656fab081ac190f971c3f.webp)
Hack Tools Resurrection
1337day-Exploits
Recommended Posts