OS-MOBILE -- Snort has detected traffic targeting vulnerabilities in a mobile-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-MOBILE Mali GPU memory alias privilege escalation attempt
This rule looks for operating system profiling that is consistent with exploitation to gain root on Linux-based systems that contain a Mali GPU.
What To Look For
This rule is triggered by a malicious file attempting to use a known exploit against the Mali GPU.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Tactic: Privilege Escalation
Technique: Exploitation for Privilege Escalation
For reference, see the MITRE ATT&CK vulnerability types here:
Escalation of Privilege
An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.
CVE Additional Information
CVE-2022-20186
In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-215001024
References: N/A
Ease of Access: LOW