The following security vulnerability has been identified in the implementation of the Little Kernel (LK) bootloader for Android.
The LK implementation performs the basic tasks needed to start an operating system on the application processor. As part of that, it reads the Linux kernel and ramdisk from a boot or recovery image, loads them into RAM at the addresses given in the image header, performs signature verification, and finally boots. Because the header values that determine the load destination of the image were implicitly treated as trusted, it was possible to load the image to arbitrary locations, including the memory of the LK application bootloader itself, and thus overwrite, e.g., the signature verification code.
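The check that was missing is a bounds and overlap validation of the header-supplied load addresses before anything is copied. The following is an added illustration written for this advisory, not code from CAF or the LK project: the memory map constants, the trimmed-down header structure and the function names are assumptions constructed for the example. It rejects any kernel or ramdisk destination that falls outside the platform's RAM window, that overlaps the bootloader's own image, that overlaps the other image, or that wraps around in 32-bit arithmetic.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map for this example (assumption, not LK's real values). */
#define RAM_BASE  0x80000000u   /* start of DRAM usable for boot images */
#define RAM_SIZE  0x40000000u   /* 1 GiB */
#define LK_BASE   0x8F600000u   /* where the bootloader itself is resident */
#define LK_SIZE   0x00100000u   /* 1 MiB reserved for LK code and data */

/* Only the boot image header fields that matter for load placement. */
struct boot_img_hdr {
    uint32_t kernel_size;
    uint32_t kernel_addr;
    uint32_t ramdisk_size;
    uint32_t ramdisk_addr;
};

/* True iff [addr, addr+size) lies entirely inside [base, base+len).
 * Computed in 64 bits so a header that wraps 32-bit addresses is rejected. */
static bool range_within(uint64_t addr, uint64_t size, uint64_t base, uint64_t len)
{
    if (size == 0) return false;            /* an empty image is not a valid load */
    if (addr < base) return false;
    if (addr - base > len) return false;
    return size <= len - (addr - base);     /* equivalent to addr + size <= base + len */
}

/* True iff the two half-open ranges share at least one byte. */
static bool ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Validate one untrusted destination from the header: inside RAM and
 * not on top of the running bootloader. */
bool load_dest_ok(uint32_t addr, uint32_t size)
{
    if (!range_within(addr, size, RAM_BASE, RAM_SIZE)) return false;
    if (ranges_overlap(addr, size, LK_BASE, LK_SIZE)) return false;
    return true;
}

/* Validate the whole header before any copy into RAM takes place. */
bool validate_boot_hdr(const struct boot_img_hdr *hdr)
{
    if (!load_dest_ok(hdr->kernel_addr, hdr->kernel_size)) return false;
    if (!load_dest_ok(hdr->ramdisk_addr, hdr->ramdisk_size)) return false;
    /* kernel and ramdisk must not be placed over each other either */
    if (ranges_overlap(hdr->kernel_addr, hdr->kernel_size,
                       hdr->ramdisk_addr, hdr->ramdisk_size)) return false;
    return true;
}

int main(void)
{
    /* Constructed sample headers: one sane, one aimed at the bootloader. */
    struct boot_img_hdr good = { 0x00800000u, 0x80008000u, 0x00100000u, 0x82000000u };
    struct boot_img_hdr bad  = { 0x00800000u, 0x8F600000u, 0x00100000u, 0x82000000u };
    printf("good header: %s\n", validate_boot_hdr(&good) ? "accepted" : "rejected");
    printf("bad header:  %s\n", validate_boot_hdr(&bad)  ? "accepted" : "rejected");
    return 0;
}
```

A real fix would take the RAM window and the bootloader's resident range from the platform's memory map rather than from constants, and would apply the same check to every header-derived address (second-stage, device tree, and so on); the point is that every destination is validated against a map the bootloader owns before the header is allowed to steer a copy.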
Access Vector: local
Security Risk: critical
Vulnerability: improper input validation (CWE-20)
All Little Kernel (LK) bootloader implementations on CAF from the following heads:
We advise customers to apply the following patches:
This vulnerability has been disclosed by Dan Rosenberg via a post in the Azimuth Security blog.