Evils in the Sparse Texture Memory: Exploit Kernel Based on Undefined Behaviors of Graphic APIs

...In this talk, we will demonstrate vulnerabilities in the Imagination Technologies' PowerVR GPU, which is used in a wide range of Android devices. We have discovered several physical page UAF vulnerabilities, most of which are caused by the mishandled sparse texture memory management. Specifically, a malicious actor can manipulate arbitrary freed physical pages from the CPU side using OpenGL or from the GPU side using OpenCL. Unlike typical device driver exploits which heavily rely on driver IOCTL calls, a malicious …

android android devices apis devices exploit gpu imagination kernel management memory page physical technologies uaf vulnerabilities