
Fall of the machines: Exploiting the Qualcomm NPU (neural processing unit) kernel driver

Blog post from GitHub

Post Details
Company:
Date Published:
Author: Man Yue Mo
Word Count: 5,876
Language: English
Hacker News Points: -
Summary

The text discusses three vulnerabilities in the Qualcomm neural processing unit (NPU) kernel driver, reported between November and December 2020: a use-after-free (UAF) vulnerability (CVE-2021-1940) and two information leak vulnerabilities (CVE-2021-1968 and CVE-2021-1969). Combined, these vulnerabilities allow an untrusted app to execute arbitrary kernel code on certain Samsung devices, notably those using a Qualcomm chipset. The NPU, a coprocessor designed for AI and machine learning tasks, introduces new attack surface in mobile devices. The text describes how the vulnerabilities were exploited to obtain a reverse root shell with SELinux disabled on devices like the Samsung Galaxy A71. It also notes the lack of research on Qualcomm's NPU compared to Samsung's, criticizes the long patch times for these vulnerabilities, and suggests that original equipment manufacturers (OEMs) review and restrict access to the NPU driver to enhance security.