Preface: A system on a chip (SoC), is an integrated circuit that integrates all or most components of a computer or other electronic system. A SoC chip may have several GPIO components. Linux doesn’t usually run on Cortex-M, 8051, AVR, or other popular microcontroller architectures. Instead, we use application processors — popular ones are the Arm Cortex-A, ARM926EJ-S, and several MIPS iterations.

Background: How can mobile device download firmware directly from vendor if it don’t have windows, Linux or Mac workstation? Mobile device can use firmware downloader to check for the latest update for your device, download that firmware as long as you know the correct model, region, and firmware string.

The file which responsible for Firmware downloader function is (./drivers/nfc/nfcmrvl/fw_dnld.h). Furthermore, the file name (./drivers/nfc/nfcmrvl/main.c) is responsible for major function.

Vulnerability details: A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Use-After-Free (UAF) is a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.

Official announcement: See the link for details on this vulnerability – https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098