all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2021-39991: Huawei DMSS Memory Access Management Configuration Unathorized Rewrite Via Peripheral DMA

Add to bookmarks
May 18, 2022, midnight |

Taszk Labs on taszk.io labs labs.taszk.io

Summary Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in Huawei Kirin SoC’s DDR Controller (DMSS) Access Permission system which allowed some SoC cores or DMA-capable peripherals to directly access secure world memory and completely compromise the entire memory of the SoC. This advisory focuses on a new access permission vulnerability in the same DMSS. The vulnerability can be used to entirely compromise the SoC platform runtime (including all cores running in Secure World) …

access access management configuration cve dma huawei management memory

Visit resource

More from labs.taszk.io / Taszk Labs on taszk.io labs

Full Chain Baseband Exploits, Part 3 4 months, 3 weeks ago | labs.taszk.io
arbitrary code baseband code code execution +14
Full Chain Baseband Exploits, Part 2 4 months, 3 weeks ago | labs.taszk.io
baseband buffer buffer overflow concrete +13
Full Chain Baseband Exploits, Part 1 4 months, 3 weeks ago | labs.taszk.io
application baseband blog blog post +13
CVE-2023-30646: Samsung RIL Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory android arbitrary code baseband +19
CVE-2022-21744: Mediatek Baseband GPRS PNCD Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +16
CVE-2023-21517: Samsung Baseband LTE ESM TFT Heap Buffer Overflow 5 months ago | labs.taszk.io
advisory arbitrary code baseband buffer +18
CVE-2022-21769: Mediatek CCCI Kernel Driver OOB Read 5 months ago | labs.taszk.io
application baseband cellular communication +23
CVE-2022-21765: Mediatek CCCI Kernel Driver OOB Write 5 months ago | labs.taszk.io
advisory application arbitrary code baseband +20
CVE-2022-21766: Mediatek CCCI Kernel Driver Stack Buffer Overflow 5 months ago | labs.taszk.io
advisory application arbitrary code baseband +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote
View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US
View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA
View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco
View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com
View more jobs