by xenadu02
2639 days ago
> Having been able to freely invoke IOCTL handlers of the driver from user-mode, we looked for other capabilities that can be abused. We found one: the driver provided a capability to map any physical page into user-mode with RW permissions. Invoking this handler allowed a code running with low privileges to read-write beyond the process boundaries—to other processes or even to kernel space. This, of course, means a full machine compromise. Please, continue.
But FWIW, it's a pretty common thing for shitty drivers. Here's one example: https://forum.xda-developers.com/showthread.php?t=2057818