Security Focus: CVE-2023-20857 – VMware Workspace ONE Content (3rd Mar 2023 GMT+9)

Preface: It is always easy to forget things, even your girlfriend’s birthday. So any security alert, after more than a year, becomes worthless. It seems like nothing. Maybe not for you. But I totally agree.

Background: If an Android phone’s OS has been unofficially modified (rooted), users can install and run applications that would otherwise require special permissions. You may say that once such a procedure has been carried out, it is hard to guarantee that no malware has been implanted, so any mobile app running on top of it is at risk. As a result, what exactly does VMware mean by the wording of its security advisory?
Do you remember the following news?
The four security vulnerabilities discovered by Microsoft in 2021 affect programs developed by telecommunications companies such as AT&T using the mce Systems framework, as well as other Android and iOS programs built on that framework, so a large number of Android programs are affected. mce Systems and the telecommunications companies have completed patching.

Vulnerability details: A malicious actor, with access to a user’s rooted device, may be able to bypass the VMware Workspace ONE Content passcode.
For official information, see the URL – https://www.vmware.com/security/advisories/VMSA-2023-0006.html

CVE-2023-23005: A closer look at a Linux kernel design weakness (mm/memory-tiers.c) – 2nd Mar 2023

Preface: A NUMA system is a computer platform that comprises multiple components or assemblies each of which may contain 0 or more CPUs, local memory, and/or IO buses.

Background: On newer server designs running Linux, a set of the PCIe slots supports a unique feature called 64-bit direct memory access (DMA). DMA improves I/O operations and, therefore, system performance.
The DMA engine is a generic kernel framework for developing DMA controller drivers. The main goal of DMA is to offload the CPU when it comes to copying memory. A kernel pointer is a pointer variable whose value is under kernel control and guaranteed by the kernel to always point into the kernel’s memory space, and hence is trustworthy. User pointers should always be verified to refer to user-level memory before being dereferenced.

Vulnerability details: In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
alloc_memory_type() returns error pointers on error instead of NULL. Use IS_ERR() to check the return value to fix this.
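To show why a NULL check misses this, here is an added user-space example (not kernel code and not the actual mm/memory-tiers.c fix) that re-implements the kernel’s ERR_PTR()/IS_ERR()/PTR_ERR() idiom and a hypothetical stand-in for alloc_memory_type() that fails the way the advisory describes. The struct layout and the fail flag are assumptions for the demonstration.

```c
/* Added example: user-space model of the kernel ERR_PTR idiom.
 * Not the kernel's own code; struct and fail flag are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_ERRNO 4095
/* Same encoding the kernel uses: a negative errno cast to a pointer lands in
 * the top 4095 bytes of the address space, so it is never NULL. */
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline bool IS_ERR(const void *ptr) {
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-in for struct memory_dev_type (assumption). */
struct memory_dev_type { int adistance; };

/* Hypothetical stand-in for alloc_memory_type(): on failure it returns
 * ERR_PTR(-ENOMEM), never NULL, mirroring the behaviour in the advisory. */
static struct memory_dev_type *alloc_memory_type(int adistance, bool fail) {
    if (fail) return ERR_PTR(-ENOMEM);
    struct memory_dev_type *t = malloc(sizeof *t);
    if (!t) return ERR_PTR(-ENOMEM);
    t->adistance = adistance;
    return t;
}

/* Pre-6.2 caller pattern: a NULL check. Returns 1 when the check wrongly
 * accepts the error pointer, i.e. the caller would go on to dereference it. */
int null_check_passes_error_pointer(void) {
    struct memory_dev_type *t = alloc_memory_type(10, true);
    return t != NULL;
}

/* Fixed caller pattern: IS_ERR() catches the error pointer and the encoded
 * errno is propagated instead of the bad pointer being used. */
int is_err_check_result(bool fail) {
    struct memory_dev_type *t = alloc_memory_type(10, fail);
    if (IS_ERR(t)) return (int)PTR_ERR(t);
    int ad = t->adistance;
    free(t);
    return ad;
}
```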

Official details: For details, see the link for reference – https://nvd.nist.gov/vuln/detail/CVE-2023-23005

CVE-2023-20937: Digging a little deeper, is this exactly where the problem occurs? (1st Mar 2023)

Preface: The top programming languages for Android app development in 2023, and the most popular ones, are Kotlin, Java, C#, C++/C and Python. What is a use-after-free in C? Use-After-Free (UAF) is a vulnerability caused by incorrect use of dynamic memory while a program runs. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can exploit the error to compromise the program.


Background: The Trusty OS runs on the same processor as the Android OS, but Trusty is isolated from the rest of the system by both hardware and software. Trusty provides APIs for developing two classes of applications/services: trusted applications or services that run on the TEE processor, and normal (untrusted) applications that run on the main processor and use the services those trusted applications provide.
Android uses the concept of user-authentication-gated cryptographic keys, which requires a cryptographic key storage and service provider together with user authenticators. Android 9 and higher includes Protected Confirmation, which gives users a way to formally confirm critical transactions, such as payments.

Vulnerability details: In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.


Observation: A pointer in C is a variable that points to a memory location that stores a value, as opposed to a variable that stores a value in memory itself. This distinction matters in C programming because developers can change the value in memory for a specific variable even after that variable has gone out of scope.
I predict the matter above caused the problem to happen in a shared-memory environment.

Official details: See the URL for details – https://nvd.nist.gov/vuln/detail/CVE-2023-20937