
CVE-2021-28663 PoC — ARM Mali GPU Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: ARM Mali GPU Resource Management Error Vulnerability (CVE-2021-28663)
Description: ARM Mali GPU is a family of mobile graphics chipsets (GPUs) from the UK company ARM. Like other 3D graphics chips built on embedded IP core technology, the Mali chipset does not provide a display controller dedicated to driving image output on an LCD (as a graphics card would); instead, it is a pure 3D rendering engine that loads images into a buffer, from which a built-in display core dedicated to image display processing presents them. The Arm Mali GPU kernel driver has a resource management error vulnerability caused by improper handling of GPU memory operations, leading to a use-after-free. The vulnerability allows privilege escalation or information disclosure. This affects Bifros
Description
A basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)
Readme
# CVE-2021-28663
A basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability)

This is a basic PoC for CVE-2021-28663, a design flaw in the Mali GPU Android kernel driver.

1. Create a `GPU_VA` and also `mmap` it, so we get a CPU virtual address for its physical pages.
2. Create an alias of those physical pages, but do not `mmap` it, so `gpu_mapping` remains at 1.
3. Change the flags of the `GPU_VA` to `BASE_MEM_DONT_NEED`; Mali will then mark the pages evictable.
4. Since we still hold the `reg` for the aliased pages, we can now `mmap` it. This gives us read-only (RDONLY) access from the CPU.

## Example run:

![Example run CVE-2021-28663](ss/1.png)

![Example run CVE-2021-28663](ss/2.png)

![Example run CVE-2021-28663](ss/3.png)
File Snapshot

[4.0K] /data/pocs/e94bce8c16841c4f3bee44a3c4714f3b3fe0e4c7
├── [ 544] compile.sh
├── [2.3K] mali.h
├── [ 12K] mali_poc_64
├── [4.2K] mali_poc.c
├── [ 700] README.md
└── [4.0K] ss
    ├── [189K] 1.png
    ├── [100K] 2.png
    └── [116K] 3.png

1 directory, 8 files