Arm Mali CSF VMA Split Mishandling

In the Arm Mali driver's handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back to the kernel's page allocator while it is still mapped into userspace. On devices with recent Mali GPUs that support CSF, this is a security bug that should be very straightforward to exploit.

SHA-256 | 6ee0db58337e2459a3e0a317b84488b6c9019397c42a860c2baea1a6661f8592

Related Posts