龚熙凌与邢选与尤金·罗迪奥诺夫_通往Android Root之路在智能手机上利用您的GPU.pdf

编号:175519 PDF 53页 1.53MB 下载积分:VIP专享
下载报告请您先登录!

龚熙凌与邢选与尤金·罗迪奥诺夫_通往Android Root之路在智能手机上利用您的GPU.pdf

1、#BHUSA BlackHatEventsThe Way to Android Root:Exploiting Your GPU On SmartphoneXuan XingEugene RodionovXiling Gong#BHUSA BlackHatEventsWhoamiIncrease Android and Pixel security by attacking key components and features,identifying critical vulnerabilities before adversariesOffensive Security Reviews t

2、o verify(break)security assumptionsScale through tool development(e.g.continuous fuzzing)Develop proof of concepts to demonstrate real-world impactAssess the efficacy of security mitigations#BHUSA BlackHatEventsAgendaBackground IntroductionQualcomm Adreno GPU IntroductionCVE-2024-23380 and Exploitat

3、ionVulnerability and Methodology Discussion#BHUSA BlackHatEventsBackgroundWhy Android GPU Driver?No Permission RequiredPowerful FunctionsHigh ComplexityWhy Qualcomm Adreno GPU?Qualcomm is one of the most important smartphone SoC vendorsAdreno is the GPU used in most of the Qualcomm SoCsEvolved archi

4、tecture recently Unprivileged appKGSL GPU kernel moduleInterconnectDRAMCPUShared memory/dev/kgsl-#Graphics client API(GLES,Vk,)GPU MMU ManagerShared memory ManagerGPUEL0EL1HWIOMMUFW#BHUSA BlackHatEventsAdreno Driver IssuesSource:https:/ BlackHatEventsAdreno Driver Issues2019 TiYunZong Exploit Chain-

5、Gong Guang2020 Attacking the Qualcomm Adreno GPU-Project Zero2022 The Android kernel mitigations obstacle race-Man Yue Mo2023 code in user-writable mapping is executed in non-protected mode-Project Zero#BHUSA BlackHatEventsRecent Issues-Qualcomm Security BulletinBulletinCVERatingDate ReporterTech Ar

6、eaExploitability2024 JulyCVE-2024-23380High12/13/2023Xiling GongVBO IOMMU-Use After FreeYes-Easy-StableCVE-2024-23373High12/18/2023Man Yue Mo IOMMU-Use After FreeYes-Medium-StableCVE-2024-23372High12/12/2023Fish of Pangu TeamVBO IOMMU-Integer OverflowYes-Easy-Stable2024 JuneCVE-2024-21478High11/03/2

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(龚熙凌与邢选与尤金·罗迪奥诺夫_通往Android Root之路在智能手机上利用您的GPU.pdf)为本站 (张5G) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠