GPU-to-Kernel Code Injection via Tile-Based Deferred Rendering

OffensiveCon video, 2026-05-28

Abstract

This talk details the discovery of a critical vulnerability in the Imagination Technologies PowerVR GPU used in the Google Pixel 10 (Tensor SoC). By exploiting improper sanitization of free list configuration arguments in the driver, researchers demonstrated how to corrupt GPU stack pointer registers. This corruption allows the GPU hardware to act as an arbitrary 32-bit write primitive, enabling the overwriting of Linux kernel code. The presentation covers the transition from a hardware-level memory corruption to a full kernel exploit, including KASLR bypass and privilege escalation to root.
