/*
This article was written by Mo Gray Ash; please credit the source when reproducing it.
Mo Ash Gray Email:[email protected]
*/
1. Vulnerability Description
The vulnerability arises mainly because the camera driver exposes several interfaces to user space. User space can reach the camera driver through system calls such as ioctl or mmap. An attacker can pass crafted parameters to map physical memory into user space and escalate privileges.
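The range check whose absence makes this class of bug possible, as an added example (not code from the article or from the affected driver). It is a user-space model of what a driver's mmap handler has to verify before calling remap_pfn_range(); the struct cam_region, the function names and the sample region are hypothetical, and 4 KiB pages are assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u  /* assumes 4 KiB pages */

/* Hypothetical: the single physical buffer the driver is allowed to expose. */
struct cam_region {
    uint64_t base_pfn;   /* first page frame number of the buffer */
    uint64_t num_pages;  /* buffer length in pages */
};

/*
 * Check a driver's mmap handler needs before it calls remap_pfn_range().
 * vm_pgoff, vm_start and vm_end are all chosen by the caller of mmap().
 * Returns the PFN to map, or 0 if the request leaves the buffer.
 */
uint64_t cam_mmap_pfn(const struct cam_region *r, uint64_t vm_pgoff,
                      uint64_t vm_start, uint64_t vm_end)
{
    if (vm_end <= vm_start)
        return 0;
    uint64_t len = vm_end - vm_start;
    if (len & ((1ull << PAGE_SHIFT) - 1))
        return 0;                          /* not page aligned */
    uint64_t pages = len >> PAGE_SHIFT;
    if (vm_pgoff >= r->num_pages)
        return 0;                          /* starts past the buffer */
    /* Subtract instead of adding so a huge vm_pgoff cannot wrap around. */
    if (pages > r->num_pages - vm_pgoff)
        return 0;                          /* runs past the buffer */
    return r->base_pfn + vm_pgoff;
}

/* Constructed sample region: 16 pages starting at PFN 0x80000. */
uint64_t demo(uint64_t vm_pgoff, uint64_t pages)
{
    const struct cam_region r = { 0x80000, 16 };
    uint64_t start = 0x10000000ull;
    return cam_mmap_pfn(&r, vm_pgoff, start, start + (pages << PAGE_SHIFT));
}

int main(void)
{
    printf("%#llx\n", (unsigned long long)demo(0, 4));          /* accepted */
    printf("%#llx\n", (unsigned long long)demo(12, 5));         /* rejected */
    printf("%#llx\n", (unsigned long long)demo(UINT64_MAX, 1)); /* rejected */
    return 0;
}
```

A handler that passes vm_pgoff straight through as the PFN, with no such check, lets the caller pick any physical page.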
2. Affected Devices
Most Android systems running Linux kernels in use before May 1, 2013
3. PoC
/*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along. If not, see
4. Bug Fixes
5. Summary
1. The exploit is in fact similar to the root exploit on Exynos (CVE-2012-6422), but the method used to map physical memory is different.
2. The patch for the vulnerability is also very peculiar: it simply deleted the vulnerable code. My guess is that the vulnerability came from carelessly copying a code template, haha.