Summary: Security researchers have uncovered severe vulnerabilities in Qualcomm GPU drivers that affect numerous Android devices and allow attackers to escalate privileges to root level through sophisticated methods. The key vulnerabilities, identified as CVE-2024-23380 and CVE-2024-23373, involve race conditions and memory management flaws in the GPU subsystem. The findings raise concerns for device manufacturers and highlight the urgent need for improved security measures against such advanced exploitation techniques.
Affected: Qualcomm GPU drivers on devices from brands such as Samsung, Honor, Xiaomi, and Vivo.
Keypoints:
- Exploits are centered around GPU Address Fault (GPUAF) vulnerabilities, affecting memory management and leading to privilege escalation.
- Research identifies dual exploitation methods through page tables and pipe buffers, showcasing sophisticated manipulation of kernel memory management.
- Current Android security measures, including Samsung’s KNOX, are ineffective against these multi-layered attacks, necessitating a rethink of mitigation strategies by manufacturers.
Source: https://gbhackers.com/two-methods-to-root-qualcomm-based-android-phones/