The high-pass encryption and decryption engine to mention the right vulnerability analysis-vulnerability warning-the black bar safety net

CVE-2016-3935 and CVE-2016-6738 we found that the high-pass encryption and decryption engine Qualcomm crypto engine two mention the right vulnerability, respectively, in 2016, 10 months, and 11 on the Google android vulnerabilities list is publicly acknowledged, while the high-pass also in 2016, 10-month and 11-month vulnerability announcement for the presentation and disclosure Acknowledgements. These two bug reports to Google when they are submitted to the Trojan and is adopted, this article introduce the two vulnerabilities of the Genesis and use.
Background knowledge
The high pass chip provides hardware encryption and decryption functions, and provides the drive to kernel mode and user mode program to provide high-speed encryption and decryption services, we are here to harvest a plurality of vulnerabilities, there are 3 main drive
- qcrypto driver: for kernel-mode programs use the encryption and decryption interface
- qcedev driver: for the user mode application using the encryption and decryption interface
- qce driver: with the encryption and decryption chip interaction, provide encryption and decryption of the drive the bottom of the interface
Documentation/crypto/msm/qce.txt

Linux kernel
(ex:IPSec)
(qcrypto) |
(for kernel space app) |
|
± >|
|
| *qce Qualcomm
| driver ADM driver ADM HW
± >| | |
| | |
| | |
| | |
Linux kernel | | |
misc device
interface (qcedev) (Reg interface) (DMA interface)

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [[13]] (<88464_13.htm>) [14] [15] [16] [17] [18] [19] [20] next