{"version":"1.0","provider_name":"The GitHub Blog","provider_url":"https:\/\/github.blog","author_name":"Man Yue Mo","author_url":"https:\/\/github.blog\/author\/mymo\/","title":"Rooting with root cause: finding a variant of a Project Zero bug","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"557YSGDRmN\"><a href=\"https:\/\/github.blog\/security\/vulnerability-research\/rooting-with-root-cause-finding-a-variant-of-a-project-zero-bug\/\">Rooting with root cause: finding a variant of a Project Zero bug<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/github.blog\/security\/vulnerability-research\/rooting-with-root-cause-finding-a-variant-of-a-project-zero-bug\/embed\/#?secret=557YSGDRmN\" width=\"600\" height=\"338\" title=\"&#8220;Rooting with root cause: finding a variant of a Project Zero bug&#8221; &#8212; The GitHub Blog\" data-secret=\"557YSGDRmN\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/github.blog\/wp-includes\/js\/wp-embed.min.js\n<\/script>\n","thumbnail_url":"https:\/\/github.blog\/wp-content\/uploads\/2023\/04\/1200.630-Global@2x-1.png?fit=1200%2C630","thumbnail_width":1200,"thumbnail_height":630,"description":"In this blog, I\u2019ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I\u2019ll also explain how root cause analysis of CVE-2022-36449 led to the discovery of CVE-2022-46395."}