Samsung Kernel /dev/hdcp2 hdcp_session_close() Race Condition

In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.


MD5 | d4c16edeb7e9bb6b2a66c4a9bfe48796


Related Posts