tags: ITW, android, double_free, npu, cross-cache, dirty_pagetable, samsung
original link: CVE-2022-22265 Samsung npu driver
newsletter link: exploits.club Weekly Newsletter 35 - NPU exploits, Phrack 71, 2014 Tablet Hacks, and More


Exploits Club Summary:

Strap in, this bad boy is packed to the gills with technical content. @javierprtd took to the internet this week to walk us through an exploit he wrote for an ITW 0day reported by Google. The post starts with a walkthrough and RCA of the double free in the Samsung NPU driver. It then discusses exploit strategy, and we hit all the good stuff: cross-cache, dirty-pagetable, leaks with pipe_buffer, you name it, it’s probably in here somewhere. The post walks all the way through to getting a reverse shell and includes a handful of really great references at the end.