by idiocrat on 6/14/24, 11:16 AM with 9 comments
by mschuster91 on 6/14/24, 4:58 PM
This one sentence just perfectly sums up everything that's broken in the embedded (i.e. everything non-x86) world. Everyone just forks random stuff at random points in the BSP's life time, and no one makes even the slightest effort to upstream it to mainline Linux (if that's possible at all given that Android's Linux fork itself does a lot of things differently than Linux upstream likes).
> I found two vulnerabilities in this driver. CVE-2023-32837 was a textbook OOB read/write in an array of structs. Various different members of the struct were accessed and modified, creating several different possibilities for exploitation, but also making them significantly more challenging. Interestingly, MediaTek partially fixed this bug in July 2021, although the exact date this patch went out to OEMs is unclear.
And that's the second point of danger. All the forks floating around make distributing patches in an efficient way all but impossible.
The fact that it's Google complaining here makes it all the more hilarious IMHO. Google are the ones who could fix this in an instant: demand upstreaming (or at least, reasonable efforts towards that) as a part of getting the Play Store certification.
A side note towards root exploit hunters: MediaTek's stuff is particularly gory. I'll admit my knowledge is some years dated, but I can't imagine that their code style and code quality has improved over the time...
by salesynerd on 6/14/24, 11:24 AM
by JosephRedfern on 6/14/24, 12:47 PM
It was far more basic than what's described in this blog post, but really good fun to poke around at.
by yjftsjthsd-h on 6/14/24, 5:02 PM
Oh, I didn't realize APEX could ship kernel modules; that's neat.
by neogodless on 6/14/24, 3:29 PM