Gaining kernel code execution on an MTE-enabled Pixel 8 | allinfosecnews.com

March 18, 2024, 3 p.m. | Man Yue Mo

The GitHub Blog: Security News and Updates github.blog

In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.

The post Gaining kernel code execution on an MTE-enabled Pixel 8 appeared first on The GitHub Blog.

android app arm arm mali can code code execution cve exploited extension github security lab gpu kernel mali malicious malicious app memory mitigation phone pixel pixel 8 root security security research tagging vulnerability

More from github.blog / The GitHub Blog: Security News and Updates

Securing millions of developers through 2FA 2 days, 20 hours ago | github.blog

2fa adoption developers ecosystem +9

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private … 3 weeks, 2 days ago | github.blog

blog blog post code codeql +16

Gaining kernel code execution on an MTE-enabled Pixel 8 1 month, 1 week ago | github.blog

android app arm arm mali +22

Keeping secrets out of public repositories 1 month, 4 weeks ago | github.blog

blog default developers github +10

How to stay safe from repo-jacking 2 months ago | github.blog

attack blog blog post can +10

Build code security skills with the GitHub Secure Code Game 2 months, 1 week ago | github.blog

actions blog build challenges +18

The architecture of SAST tools: An explainer for developers 2 months, 2 weeks ago | github.blog

address age architecture blog +15

AppSec is harder than you think. Here’s how AI can help. 2 months, 2 weeks ago | github.blog

appsec blog can closer +9

Rotating credentials for GitHub.com and new GHES patches 3 months, 1 week ago | github.blog

access bounty bug bug bounty +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Director, Cybersecurity - Governance, Risk and Compliance (GRC)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr

View on infosec-jobs.com

Information Security Risk Metrics Lead

@ Live Nation Entertainment | Work At Home-Connecticut

View on infosec-jobs.com

IT Product Owner - Enterprise DevSec Platform (d/f/m)

@ Airbus | Hamburg - Finkenwerder

View on infosec-jobs.com

Senior Information Security Specialist

@ Arthur Grand Technologies Inc | Arlington, VA, United States

View on infosec-jobs.com

Information Security Controls SME

@ Sword | Aberdeen, Scotland, United Kingdom

View on infosec-jobs.com