In early 2021, an external researcher reported to Google three lines of code indicating the xt_qtaguid kernel module, used for monitoring network socket status, had a Use-After-Free vulnerability (CVE-2021-0399) for 10 years. Unfortunately, the researcher did not provide any additional information or a PoC and stated the vulnerability was not exploitable on some Android devices due to the presence of CONFIG_ARM64_UAO. Thus, the Google Android Security team decided to investigate the likelihood of exploitation of this vulnerability.We will discuss and analyze the history of known vulnerabilities in the module xt_qtaguid along with the reported vulnerability...
By: Xingyu Jin & Richard Neal
Full Abstract & Presentation Materials: www.blackhat.c...