by xenadu02 2640 days ago
Did your drivers also give usermode code the ability to map arbitrary memory addresses of the usermode code's choosing, thus granting full rw access to all memory pages in the system?

Either Huawei's driver developers are both incompetent and stupid or they're injecting malicious backdoors.


That's not what this driver does, you need to re-read the article.
> Having been able to freely invoke IOCTL handlers of the driver from user-mode, we looked for other capabilities that can be abused. We found one: the driver provided a capability to map any physical page into user-mode with RW permissions. Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise.

Please, continue.

Ok, I missed that part. Most people here are up in arms about the page mapping for the code injection.

But FWIW, it's a pretty common thing for shitty drivers. Here's one example: https://forum.xda-developers.com/showthread.php?t=2057818
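
Added example, not part of the thread or the quoted article: a sketch of the check a map-physical-memory IOCTL handler needs before it maps anything, the opposite of the "map any physical page" behaviour quoted above. The window table, the page size, the `caller_is_admin` flag (a stand-in for the driver's real access check) and all names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_BYTES 4096u /* assumed page size */

/* Hypothetical allow-list entry: a physical window the device itself owns. */
struct phys_window {
    uint64_t base;
    uint64_t len;
};

/* Constructed sample windows, not taken from any real driver. */
const struct phys_window sample_windows[] = {
    { 0xFED00000ull, 0x1000ull },
    { 0xE0000000ull, 0x100000ull },
};

/* Returns true only if [phys, phys+len) lies wholly inside one allowed window. */
bool map_request_allowed(uint64_t phys, uint64_t len, bool caller_is_admin,
                         const struct phys_window *w, size_t n)
{
    if (!caller_is_admin)
        return false;              /* low-privileged callers never get a mapping */
    if (len == 0)
        return false;
    if (phys % PAGE_SIZE_BYTES || len % PAGE_SIZE_BYTES)
        return false;              /* no partial pages */
    if (phys > UINT64_MAX - len)
        return false;              /* phys + len would wrap around */
    for (size_t i = 0; i < n; i++) {
        /* Subtraction form avoids overflow when comparing the end addresses. */
        if (phys >= w[i].base && len <= w[i].len &&
            phys - w[i].base <= w[i].len - len)
            return true;
    }
    return false;                  /* default deny: ordinary RAM is never mappable */
}

int main(void)
{
    size_t n = sizeof sample_windows / sizeof sample_windows[0];
    printf("device window:   %d\n", map_request_allowed(0xFED00000ull, 0x1000, true, sample_windows, n));
    printf("arbitrary RAM:   %d\n", map_request_allowed(0x00001000ull, 0x1000, true, sample_windows, n));
    printf("unprivileged:    %d\n", map_request_allowed(0xFED00000ull, 0x1000, false, sample_windows, n));
    return 0;
}
```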