Lecture about ARM Memory Tagging Extension

TrustExecutor

https://www.youtube.com/watch?v=M8BVlx-ILOM

argante

More to study about bypassing MTE using speculative execution. Tested on ARMv8.5 devices (Google Pixel 8 and Pixel 8 pro).

TrustExecutor

argante Very interesting. What are the real world implication of this in the context of GrapheneOS and hardened_malloc's implementation of MTE? @GrapheneOS

other8026

I don't personally know this stuff very well, but I think this is the same thing that's been asked here before. If so, here's a couple responses that may be helpful.

The project was quoted by fid02 here: https://discuss.grapheneos.org/d/13612-tiktag-is-an-attack-on-arm-cpus-to-bypass-mte-protection/4

And the project responded in the same thread later on here: https://discuss.grapheneos.org/d/13612-tiktag-is-an-attack-on-arm-cpus-to-bypass-mte-protection/8

TrustExecutor

other8026
Thanks! Valuable info.

argante

CVE-2025-0072 can be used to gain arbitrary kernel code execution on a Pixel 8 with kernel MTE enabled.

Franco

argante CVE-2025-0072 can be used to gain arbitrary kernel code execution on a Pixel 8 with kernel MTE enabled.

I have a novice question about CVE-2025-0072:

I understand from the source that this vulnerability would affects Pixels 7, 8, 8, 9
"with newer Arm Mali GPUs that use the Command Stream Frontend (CSF) architecture, such as Google’s Pixel 7, 8, and 9"
The exploit has been tested on Pixel 8 by the author of this article
The fix for CVE-2025-0072 was part of the Android Security Bulletin—May 2025
| CVE References Severity Subcomponent
| CVE-2025-0072 A-391928904 * High Mali
This May 2025 security patch level has been deployed on GrapheneOS with the GoS update of:
5-May-2025 which contains "full 2025-05-01 security patch level"
or
7-May-2025 which contains "full 2025-05-05 security patch level"
Therefore, I understand that GoS has been patched and is currently not vulnerable anymore to CVE-2025-0072

Is my understanding correct?

argante

Franco Is my understanding correct?

Yes, as you pointed out, the May patches also apply to this vulnerability. I wonder if GOS shouldn't have at least partial support for LKRG. That protects against zero-day vulnerabilities. This attack is a standard example of the kind that LKRG should stop.

EDIT:

LKRG defeats many pre-existing exploits of Linux kernel vulnerabilities, and will likely defeat many future exploits (including of yet unknown vulnerabilities) that do not specifically attempt to bypass LKRG. While LKRG is bypassable by design, such bypasses tend to require more complicated and/or less reliable exploits.

Franco

I forgot to mention this reference from ARM on 7th May 2025: https://developer.arm.com/documentation/110465/latest/

dhhdjbd

argante
https://github.com/GrapheneOS/os-issue-tracker/issues/408

this might be relevant,
not sure if it is out of date now ofc

argante

dhhdjbd This is generally correct regarding to LKRG. From the very beginning, Adam Zabrocki (Adam-pi3 + solardiz) claimed that Linux needs an additional simple layer (hypervisor, ARM TrustZone), which the kernel would not have access to, and that LKRG should work in this layer. If it works in the same memory space as the kernel itself, then can be bypassed by an attacker. But even then, the attacker's exploit will have to race with LKRG to disable this mechanism before LKRG kills the process. See, now we had an exploit that bypassed MTE and disabled the SELinux module. If LKRG worked in such a kernel, then such an exploit had to be even more complicated and therefore harder to write. Otherwise, LKRG would kill such a process.