Evils in the Sparse Texture Memory - Exploiting Kernel Vulnerabilities in GPU APIs

Explore vulnerabilities in the Imagination Technologies' PowerVR GPU used in various Android devices during this 40-minute Black Hat conference talk. Discover several physical page UAF vulnerabilities caused by mishandled sparse texture memory management. Learn how malicious actors can manipulate arbitrary freed physical pages from both CPU and GPU sides using OpenGL and OpenCL. Understand the unique nature of these exploits, which primarily use OpenGL APIs and an extra mmap function, making them potentially harder to detect through static analysis. Gain insights into solutions for detecting these exploits and witness a demonstration of rooting a device. Presented by Xingyu Jin, Tony Mendez, and Richard Neal, this talk delves into the intricacies of kernel exploitation based on undefined behaviors of graphic APIs.