Corrupting memory without memory corruption
Blog post from GitHub
CVE-2022-20186 is a vulnerability in the memory management code of the Arm Mali GPU driver; it was reported and subsequently patched in the June update for Pixel devices. The flaw allows an attacker to map arbitrary physical pages into GPU memory, which can lead to arbitrary kernel code execution and root access on devices such as the Pixel 6.

The vulnerability underscores why GPU drivers are attractive targets: their memory management code is complex and error-prone, and bugs in it can corrupt memory in ways that are hard to detect. Exploiting this vulnerability involves manipulating the driver's memory pools and GPU page tables to read and write arbitrary kernel memory, bypassing traditional mitigations such as kernel control flow integrity.

The patching process for this bug highlighted typical delays in the Android ecosystem: patches became publicly visible before the official releases, opening a window in which the flaw could be exploited. The post also discusses the intricate nature of Android's branching system and the challenges it poses for timely patching, and notes a possible overlap with a separate CVE ID, CVE-2022-28348.