Skin in the Game: Survival of GPU IOMMU Irregular Damage
Fish, Ling Hanqin
OffensiveCon 2025 · Day 2 · Main
Researchers from Pangu Team dissect GPU IOMMU memory management across Mali, Adreno, and PowerVR — three entirely distinct architectures — and show how each one's private MMU design creates its own exploitable assumptions. The talk culminates in live root exploits on Mali (CVE-2023-6241) and PowerVR (CVE-2024-31333), with a novel integer overflow technique that reduces memory requirements for the PowerVR attack from ~1,536 GB to a practical ~3 GB.

---
AI review
Pangu Team delivers a systematic cross-architecture GPU IOMMU study spanning Mali, Adreno, and PowerVR, with six CVEs dissected and two live root exploits demonstrated on stage. The PowerVR integer overflow technique — reducing an infeasible 1,536 GB theoretical attack to a practical 3 GB via reservation sizing — is the kind of quantitative attack optimization that elevates a good talk into essential OffensiveCon material. Real primitives, real demos, real root.