Description
slides
https://github.com/star-sg/OBO/blob...general GPU exploit tech to attack Pixel8.pdf
https://offbyone.sg
Last year, we developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited a vulnerability in the Pixel series, achieving Kernel Code Execution.
This presentation will commence with a thorough examination of the component where we identified eight vulnerabilities, all of which were patched this year. We will delve into the root causes of these vulnerabilities.
Subsequently, we will demonstrate how we applied our exploit technique to convert one of these bugs into a Page UAF (PUAF), and subsequently construct a physical memory read/write primitive on a Pixel 8 with Memory Tagging Extension (MTE) enabled.
Furthermore, this talk will address the challenges we encountered during the development of this exploit, highlighting the differences in exploitation techniques between the Pixel 6 and Pixel 8 models.