all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The code that wasn’t there: Reading memory on an Android device by accident

Add to bookmarks
Feb. 23, 2023, 5 p.m. | Man Yue Mo

The GitHub Blog: Security News and Updates github.blog

CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass.

accident android android device application bypass code cve device github github security lab gpu information kaslr kernel lab large leak learn malicious memory qualcomm security space vulnerability

Visit resource

More from github.blog / The GitHub Blog: Security News and Updates

How AI enhances static application security testing (SAST) 3 weeks, 2 days ago | github.blog
ai insights application application security application security testing +18
Introducing Artifact Attestations–now in public beta 4 weeks, 2 days ago | github.blog
actions artifact beta blog +7
Where does your software (really) come from? 1 month ago | github.blog
blog capabilities community github +11
CodeQL zero to hero part 3: Security research with CodeQL 1 month ago | github.blog
blog codeql github github security lab +6
Securing millions of developers through 2FA 1 month, 1 week ago | github.blog
2fa adoption developers ecosystem +9
Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private … 1 month, 4 weeks ago | github.blog
blog blog post code codeql +16
Gaining kernel code execution on an MTE-enabled Pixel 8 2 months, 2 weeks ago | github.blog
android app arm arm mali +22
Keeping secrets out of public repositories 3 months ago | github.blog
blog default developers github +10
How to stay safe from repo-jacking 3 months, 1 week ago | github.blog
attack blog blog post can +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com