Sensor drivers, in general, have no access to memory that they did not own before being registered. For example, if a sensor registers a buffer that was copied from user memory, only the sensor driver itself could have done that. A flaw here can lead to a sensor driver reading from or writing to kernel memory that it does not own, and such an out of bounds read or write can result in a local denial of service in the sensor driver.

Sensor drivers are also not held to the same code review standards as other code. One reason is that sensor drivers are often developed by networking and other non-kernel developers; another is that they are often written by non-programmers. Sensor drivers are frequently produced by vendors and sensor hardware companies, who often do not follow the same coding standards or the same security standards as other developers. As a result, the code review and security standards normally applied to other code might not be applied to sensor drivers.
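The defect class described above, a driver copying a caller-supplied length into a fixed-size buffer it owns, is easiest to see in a small user-space model. The following is an added example written for this page, not code from the affected sensor driver or from any kernel: the struct, the demo_copy_from_user() stand-in for copy_from_user(), and the payload are all constructed. The guard bytes behind the calibration area play the role of "kernel memory the driver does not own"; the unchecked variant overwrites them, the hardened variant rejects the oversized length before any copy happens.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a sensor driver's fixed-size calibration area.
 * The guard bytes behind it represent memory the driver does not own: if a
 * copy spills past SENSOR_CAL_LEN they get overwritten. */
#define SENSOR_CAL_LEN 16
#define SENSOR_GUARD_LEN 8

struct sensor_dev {
    uint8_t storage[SENSOR_CAL_LEN + SENSOR_GUARD_LEN]; /* cal bytes, then guard bytes */
};

/* Stand-in for copy_from_user(): a plain memcpy in this user-space demo. */
static int demo_copy_from_user(void *dst, const void *src, size_t n) {
    memcpy(dst, src, n);
    return 0;
}

void sensor_dev_init(struct sensor_dev *dev) {
    memset(dev->storage, 0, sizeof dev->storage);
}

/* Unchecked variant: trusts the caller-supplied length. With len greater
 * than SENSOR_CAL_LEN the copy runs past the calibration area. */
int sensor_set_cal_unchecked(struct sensor_dev *dev, const uint8_t *ubuf, size_t len) {
    return demo_copy_from_user(dev->storage, ubuf, len);
}

/* Hardened variant: validate the length against the buffer the driver owns
 * before copying, and fail closed with -EINVAL otherwise. */
int sensor_set_cal_checked(struct sensor_dev *dev, const uint8_t *ubuf, size_t len) {
    if (ubuf == NULL || len > SENSOR_CAL_LEN)
        return -EINVAL;
    return demo_copy_from_user(dev->storage, ubuf, len);
}

/* Returns 1 while the guard bytes are untouched, 0 once a copy spilled into them. */
int sensor_guard_intact(const struct sensor_dev *dev) {
    for (size_t i = SENSOR_CAL_LEN; i < sizeof dev->storage; i++)
        if (dev->storage[i] != 0)
            return 0;
    return 1;
}

int main(void) {
    /* Constructed "user" payload: deliberately longer than the calibration area. */
    uint8_t payload[SENSOR_CAL_LEN + SENSOR_GUARD_LEN];
    memset(payload, 0xAA, sizeof payload);

    struct sensor_dev dev;
    sensor_dev_init(&dev);
    sensor_set_cal_unchecked(&dev, payload, sizeof payload);
    printf("unchecked copy: guard intact = %d\n", sensor_guard_intact(&dev));

    sensor_dev_init(&dev);
    int rc = sensor_set_cal_checked(&dev, payload, sizeof payload);
    printf("checked copy: rc = %d, guard intact = %d\n", rc, sensor_guard_intact(&dev));
    return 0;
}
```

The check is deliberately placed before the copy rather than after it: once copy_from_user() has run with a bad length the damage is done, so the length of every user-supplied buffer must be compared against the size of the kernel-side destination first, and the request refused rather than truncated when it does not fit.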

How to detect if your sensor is affected

There is no direct way to detect whether your sensor is affected by this vulnerability; you would need to intentionally trigger an out of bounds write to see if or when it occurs. Luckily, the behavior of this vulnerability should be fairly obvious: if you write something into a sensor driver that cannot be seen in user memory, the driver will likely crash. The crash may not happen immediately, but it will happen eventually.

What you can do to protect yourself

The best way to protect yourself from exploitation of this vulnerability is to allow only trusted sensor driver components to execute code.
To exploit this vulnerability, an attacker would need to convince the victim user that they are not running a malicious application, for example by convincing them that the application has been updated and is safe. A more likely exploitation scenario is an attacker who has already gained access to a system through other means and uses this vulnerability as a starting point for local privilege escalation.

How to detect if your kernel is affected by CVE-2022-39128

The easiest way to detect if your kernel is affected by CVE-2022-39128 is to run the following code:

if (kd>=8)

This code tells you whether your kernel has been updated past the 8th version. If your kernel has been updated, it would be vulnerable to this exploit.

Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/18/2022 18:08:00 UTC