Google Project Zero (GPZ) team recently reported the flaw on Samsung Android kernel. Noting that Samsung tried to resist the attack by modifying the kernel code, but thus exposing more vulnerabilities.
Fellow Jann Horn from GPZ said that not only Samsung, many smart phone manufacturers will add a custom driver downstream, in order to access the Android Linux kernel directly through the hardware. But in fact, it should be better to use the security features that already exist in the Linux kernel.
It is the above-mentioned types of errors found in the Horn of Galaxy A50 Android kernel, originally measures aimed at lowering the core security issue has triggered a memory corruption. Specifically, these vulnerabilities allow in some Galaxy devices running Android 9.0 and 10.0 "could execute arbitrary code." Google in November last year to report the error, Samsung, Samsung has been fixed in February just released an update for the Galaxy phones.
Currently, some Android phones to access the hardware through a dedicated help program, these programs help collectively referred to as the hardware abstraction layer (HAL) in Android. But in the Horn view, mobile phone manufacturers modify the Linux kernel, the core of the work they undermine its original attack locking performance. Like Samsung, as some custom features to be added is not necessary, can be deleted, it will not have any impact.
Therefore, he suggested that mobile phone manufacturers to use direct hardware access functions already supported Linux, without having to customize the Linux kernel code. If you want to make changes, then, "I think the device-specific kernel modifications is best placed upstream or into user space driver, where they can be more secure programming language and / or sandbox achieve, but also will not the updated version of the kernel complicated. "