Samsung Kernel /dev/hdcp2 hdcp_session

Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition

Posted by deepcore on February 29, 2020 – 8:19 am

In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« XNU tcp_input Use-After-Free Comtrend VR-3033 Command Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL