- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
cross-posted from: https://infosec.pub/post/18563178
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. […]
If only Android was based on mainline Linux! Who am I joking, cost is way more important than security.
Serious question though, can this be exploited via web assembly? Also is Lineage OS shipping patches? I know many devices have been abandoned by the vendors so it is entirely possible this will go unpatched in older devices
This is a vulnerability in a proprietary Qualcomm’s DSP. The patch will only be made available to OEMs. LineageOS cannot patch this vulnerability if the device itself is no longer receiving official updates.
how and when is the DSP used, though?
and what kind of code can take advantage of this? apps? javascript in browser apps? or a non-app system process with a specific privilege?
DSP (Digital Signal Processor) is used anywhere where a digital signal is processed like audio, video, etc. When you play your favourite media its played by your processor’s DSP instead of your CPU saving battery. Speech recognition is another area where DSP is used for this.
Nowadays, it does more than just play media. Including doing AI tasks on a NPU(Neural Processing Unit) like Object recognition, running LLM(Large Language Models) to generate pictures, suggest frequently used apps, etc.
As for code anything that processes signals can be accelerated by it.
User code does not get privileged access to it. JavaScript is sanboxed but system processes in chrome and firefox can use it for media playback.
For accelerated AI tasks on the NPU. It depends if the app developer leverage the specific neural SDK for Qualcomm, mediatek. Or use NNAPI API, or LiteRT
It’s standard on most smartphones like the CPU, GPU. If you want you can ask perplexity.ai for specific info in it.
I have given a short summary. But, there’s lot more you can read if interested.