Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793) | STAR Labs
Vulnerabilities in Mali GPUs allow unprivileged apps to gain root access by exploiting a flaw in the kbase_jd_user_buf_pin_pages() function. This function manages GPU memory access and lacks proper checks for GPU write permissions, enabling malicious apps to bypass security and modify read-only memory. The exploit involves allocating memory, importing it with CPU write access, and remapping it with read-only permissions, ultimately allowing the app to inject code into privileged processes and escalate privileges.
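The permission decision described above can be modelled in user space as a regression check for the flawed rule beside a hardened one. This is an added example, not code from the Mali driver or from the STAR Labs post. The flag names, struct user_pages and pin_pages() are hypothetical stand-ins, and the hardened rule (request write access when either the CPU or the GPU may write) is this example's assumption about what the missing check should be.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical flag names for this model; not the driver's definitions. */
#define REG_CPU_WR (1u << 0) /* region may be mapped writable by the CPU */
#define REG_GPU_WR (1u << 1) /* region may be written by the GPU */

/* Constructed stand-in for the user pages backing an imported buffer. */
struct user_pages { bool writable; };

/* Stand-in for kernel page pinning: asking for write access to pages
 * the caller may only read fails; a read-only pin always succeeds. */
static int pin_pages(const struct user_pages *p, bool want_write)
{
    return (want_write && !p->writable) ? -EFAULT : 0;
}

/* Flawed rule as described above: only GPU write access is considered. */
static int pin_flawed(const struct user_pages *p, unsigned flags)
{
    return pin_pages(p, (flags & REG_GPU_WR) != 0);
}

/* Hardened rule (assumption of this example): any write permission on
 * the region, CPU or GPU, means the pages must be pinned for write. */
static int pin_hardened(const struct user_pages *p, unsigned flags)
{
    return pin_pages(p, (flags & (REG_CPU_WR | REG_GPU_WR)) != 0);
}

/* True when a pin succeeded although the region grants write access to
 * pages the caller could only read: the condition a test should flag. */
static bool write_to_readonly(int rc, const struct user_pages *p, unsigned flags)
{
    return rc == 0 && !p->writable && (flags & (REG_CPU_WR | REG_GPU_WR)) != 0;
}

int main(void)
{
    struct user_pages ro = { .writable = false }; /* constructed input */
    int flawed = pin_flawed(&ro, REG_CPU_WR);
    int hardened = pin_hardened(&ro, REG_CPU_WR);
    printf("flawed:   rc=%d unsafe=%d\n", flawed, write_to_readonly(flawed, &ro, REG_CPU_WR));
    printf("hardened: rc=%d unsafe=%d\n", hardened, write_to_readonly(hardened, &ro, REG_CPU_WR));
    return 0;
}
```

With the flawed rule the read-only pages are pinned successfully while the region stays CPU-writable; the hardened rule refuses the same import with -EFAULT.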