Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8
Man Yue Mo explains how to compromise a Pixel 8 phone even when the Arm memory-tagging extension is in use, by taking advantage of the Mali GPU.
So, by using the GPU to access physical addresses directly, I'm able to completely bypass the protection that MTE offers. Ultimately, there is no memory safe code in the code that manages memory accesses. At some point, physical addresses will have to be used directly to access memory.