tags: android, binder, lpe, fuzzing, uaf
original link: Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938
newsletter link: exploits.club Weekly Newsletter 24


Exploits Club Summary:

The Android Red Team gave a presentation at OffensiveCon24 on the fuzzing work they had done against Binder and on how they turned the findings into an LPE. This post accompanies that talk, giving a written explanation of the vulnerability's root cause and of the associated exploitation. The bug itself stems from a tricky error-handling path that can be manipulated to trigger a UAF. The exploit builds on previous work by Blue Frost Security, but adjusts the technique to account for changes to the SLUB allocator in newer kernel versions.