The code that wasn't there: Reading memory on an Android device by accident
Blog post from GitHub
CVE-2022-25664 is an information-disclosure vulnerability in the Qualcomm Adreno GPU driver stack, found by accident during unrelated research, whose root cause is a coherency gap between the CPU's data cache and physical memory. A malicious Android app can use it to leak large amounts of data from both user space and kernel space without crashing the phone or otherwise disturbing its normal operation. The mechanism is that memory handed to the GPU is cleared by the CPU, but those writes can sit in the CPU's write-back data cache instead of reaching DRAM; the GPU reads DRAM directly and does not snoop the CPU cache, so it still sees whatever the previous owner of those pages left behind, even though the CPU side considers the memory cleared. Exploiting the flaw amounts to submitting GPU command buffers that make the GPU read such freshly allocated memory and expose contents inconsistent with the CPU's view; since kernel data, including kernel pointers, can turn up in the leaked pages, the bug also provides a Kernel Address Space Layout Randomization (KASLR) bypass. Qualcomm disclosed and patched the issue in October 2022, but it illustrates how hard cache-related bugs are to detect, not least because Arm64 cache-maintenance semantics (which operations clean dirty lines to memory, which only invalidate them, and what the kernel's helper functions actually do on that architecture) are easy to misread.
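To make the coherency gap concrete, here is a constructed model of a write-back CPU data cache sitting next to a device (the GPU) that reads DRAM directly and does not snoop that cache. It is an added example, not code from the original post or from the kgsl driver; the 64-byte "page", 16-byte cache lines, the 0x41 fill standing in for a previous tenant's secret, and the function names are all assumptions chosen to keep the model small. It shows the leak (zeros written by the CPU stay dirty in cache, the GPU reads the old bytes from DRAM), that a clean to the point of coherency closes it, and that using an invalidate where a clean was needed discards the zeros and exposes the stale bytes even to the CPU.

```c
/*
 * Constructed model of a write-back CPU cache plus a non-coherent device.
 * Added illustration of the CVE-2022-25664 failure mode; not kgsl code.
 * Page and line sizes are deliberately tiny.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 64
#define LINE_SIZE 16
#define NLINES (PAGE_SIZE / LINE_SIZE)

static uint8_t dram[PAGE_SIZE];          /* what the device sees: DRAM only */

struct cache_line {
    uint8_t data[LINE_SIZE];
    int valid;                           /* line holds a copy of DRAM */
    int dirty;                           /* copy has writes not yet in DRAM */
};
static struct cache_line cache[NLINES];  /* one line per 16-byte chunk */

/* Bring a line in from DRAM if it is not already cached. */
static void fill_line(size_t line)
{
    if (!cache[line].valid) {
        memcpy(cache[line].data, &dram[line * LINE_SIZE], LINE_SIZE);
        cache[line].valid = 1;
        cache[line].dirty = 0;
    }
}

/* CPU store: write-allocate, write-back. Bytes land in the cache only. */
static void cpu_write(size_t off, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        size_t line = (off + i) / LINE_SIZE;
        fill_line(line);
        cache[line].data[(off + i) % LINE_SIZE] = src[i];
        cache[line].dirty = 1;
    }
}

/* CPU load: served from the cache, filling from DRAM on a miss. */
static uint8_t cpu_read(size_t off)
{
    fill_line(off / LINE_SIZE);
    return cache[off / LINE_SIZE].data[off % LINE_SIZE];
}

/* Clean: write dirty lines back to DRAM and keep them cached. */
static void dcache_clean(void)
{
    for (size_t l = 0; l < NLINES; l++)
        if (cache[l].valid && cache[l].dirty) {
            memcpy(&dram[l * LINE_SIZE], cache[l].data, LINE_SIZE);
            cache[l].dirty = 0;
        }
}

/* Invalidate: drop every line; dirty data is discarded, not written back. */
static void dcache_invalidate(void)
{
    memset(cache, 0, sizeof cache);
}

/* GPU read: straight from DRAM, never consults the CPU cache. */
static void gpu_read(uint8_t *dst, size_t off, size_t len)
{
    memcpy(dst, &dram[off], len);
}

/* A previous owner's bytes (constructed 0x41 fill) are already in DRAM. */
static void reset_with_stale_contents(void)
{
    dcache_invalidate();
    memset(dram, 0x41, PAGE_SIZE);
}

/* CPU zeroes the page as on allocation, GPU then reads it. Returns how many
 * bytes the GPU sees as non-zero: PAGE_SIZE without a clean, 0 with one. */
size_t gpu_visible_stale_bytes(int clean_after_zeroing)
{
    uint8_t zeros[PAGE_SIZE] = {0}, seen[PAGE_SIZE];
    size_t n = 0;
    reset_with_stale_contents();
    cpu_write(0, zeros, PAGE_SIZE);            /* zeros are dirty in cache */
    if (clean_after_zeroing)
        dcache_clean();                        /* push them to DRAM */
    gpu_read(seen, 0, PAGE_SIZE);
    for (size_t i = 0; i < PAGE_SIZE; i++) n += seen[i] != 0;
    return n;
}

/* Wrong maintenance op: invalidate instead of clean throws the zeros away,
 * so even the CPU reads the old owner's bytes back. Returns non-zero count. */
size_t cpu_visible_stale_bytes_after_invalidate(void)
{
    uint8_t zeros[PAGE_SIZE] = {0};
    size_t n = 0;
    reset_with_stale_contents();
    cpu_write(0, zeros, PAGE_SIZE);
    dcache_invalidate();
    for (size_t i = 0; i < PAGE_SIZE; i++) n += cpu_read(i) != 0;
    return n;
}

int main(void)
{
    printf("GPU sees %zu stale bytes without a clean, %zu with one\n",
           gpu_visible_stale_bytes(0), gpu_visible_stale_bytes(1));
    printf("CPU sees %zu stale bytes after invalidate instead of clean\n",
           cpu_visible_stale_bytes_after_invalidate());
    return 0;
}
```

The model ignores set associativity, write buffers and the GPU's own caches, which is fine for the point it makes: a CPU-side memset is only a guarantee about what the CPU will read back, and a device that bypasses the cache needs an explicit clean (not an invalidate, and not a helper that happens to be a no-op on the target architecture) before it can be trusted to see the cleared memory.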