Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion Exploit

Qualcomm Adreno/KGSL suffers from an unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr. Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05,...

Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion

Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05, since I don't yet have any newer device with KGSL here - but as far as I can tell from the sources, it shou...

Attacking the Qualcomm Adreno GPU

Posted by Ben Hawkes, Project Zero When writing an Android exploit, breaking out of the application sandbox is often a key step. There are a wide range of remote attacks that give you code execution with the privileges of an application like the browser or a messaging application, but a sandbox...

Google Pixel CVE-2019-2210 Privilege Escalation Vulnerability

Description Google Pixel is prone to a privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. This issue are being tracked by Android Bug ID A-139148442. Technologies Affected Google Android 10.0 Google Android 9.0 Google Pixel 2 Google Pixel 2 XL...

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password its vulnerabilities, current alternatives, and possible future disappearance, analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security...