
Gaining kernel code execution on an MTE-enabled Pixel 8 (GPU MTE bypass)

Same bug/CVE (CVE-2023-6241): see the canonical note Mali GPU MTE bypass kernel exec.

Mechanism

The full account of the lock-drop race in the Arm Mali CSF driver's JIT memory management (kbase_jit_grow), and of why the use-after-free on a page that is freed yet still GPU-mapped bypasses MTE, is in the canonical note: Mali GPU MTE bypass kernel exec.

Walkthrough

The full walkthrough is in the canonical note: Mali GPU MTE bypass kernel exec.

References