The Way To Android Root: Exploiting Smartphone GPU

Xiling Gong, Eugene Rodionov

DEF CON 32 Main Stage · Day 1 · Main Stage

In "The Way To Android Root: Exploiting Smartphone GPU," members of the Android Red Team (Shishin, Xiling Gong, and Eugene Rodionov) unveiled a critical vulnerability, CVE-2024-23380, in Qualcomm Adreno GPU drivers that allowed an unprivileged application to achieve root privileges on Android smartphones. The talk dissects the architecture of Adreno GPUs, highlights the inherent security risks associated with GPU drivers, and details the specific memory management flaw that was exploited. This research underscores the persistent challenges in securing complex hardware-software interfaces in modern mobile devices.

AI review

The Android Red Team delivered a solid technical deep-dive into CVE-2024-23380, a critical IOMMU misconfiguration in Qualcomm Adreno Gen 7+ GPU drivers that allows unprivileged Android applications to achieve root. The talk meticulously details the architectural changes in newer Adreno GPUs, particularly the introduction of Virtual Buffer Objects (VBOs) and the hardware scheduler, which created the attack surface. This research provides significant practical impact by highlighting a high-value attack vector and offering concrete defensive implications for GPU driver security and memory…
