In the Qmage image processor supplied in Samsung Android firmware, which is built into the Skia graphics rendering system,
The problem is believed to have been present since 2014, beginning with firmware based on Android 4.4.4 that was modified to support the additional image formats QM, QG, ASTC and PIO (a PNG variant). Vulnerability
The problem was identified during fuzz testing by a Google engineer, who also demonstrated that the vulnerability is not limited to a crash and prepared a working prototype exploit that bypasses ASLR protection and launches a calculator by sending a series of MMS messages to a Samsung Galaxy Note 10+ smartphone running the Android 10 platform.
In the demonstration, successful exploitation took approximately 100 minutes and required sending more than 120 messages. The exploit consists of two stages: in the first, the base addresses of the libskia.so and libhwui.so libraries are determined in order to bypass ASLR, and in the second, remote access to the device is obtained by launching a "reverse shell". Depending on the memory layout, determining the base address requires sending between 75 and 450 messages.
Additionally, it can be noted
- CVE-2020-0096 is a local vulnerability that allows code to be executed when processing a specially crafted file;
- CVE-2020-0103 is a remote vulnerability in the system that allows code to be executed when processing specially formatted external data;
- CVE-2020-3641 is a vulnerability in Qualcomm proprietary components.
Source: opennet.ru