Subj : Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8
To   : All
From : LWN.net
Date : Tue Mar 19 2024 13:45:06

Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8

Date:
Tue, 19 Mar 2024 13:39:04 +0000

Description:
Man Yue Mo explains
how to compromise a Pixel8 phone even when the Arm memory-tagging extension 
is in use, by taking
advantage of the Mali GPU. So, by using the GPU to access physical addresses 
directly, I'm
	able to completely bypass the protection that MTE
	offers. Ultimately, there is no memory safe code in the code that
	manages memory accesses. At some point, physical addresses will
	have to be used directly to access memory.

======================================================================
Link to news story:
https://lwn.net/Articles/965926/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.