📄 Qualcomm CVP Kernel Driver Pointer Disclosure / Privilege Escalation

This advisory describes a local privilege escalation vulnerability affecting the Qualcomm CVP kernel driver msmcvp, exposed through the /dev/cvp device node on Android systems using Qualcomm SoCs. The vulnerability originates from an improperly obfuscated kernel pointer returned to user space as ...

📄 Qualcomm CVP Kernel Pointer Leak

The Qualcomm CVP driver exposes kernel pointers to userland by returning a hashed session ID derived from a kernel pointer using hash32ptr. This function is not a cryptographic hash but a reversible fold that XORs the upper and lower 32 bits of the pointer. Due to predictable ARM64 kernel virtual...