Summary

Last year we published research at Black Hat in which we disclosed multiple vulnerabilities in the Access Permission system of the Huawei Kirin SoC's DDR controller (DMSS). Those vulnerabilities allowed some SoC cores or DMA-capable peripherals to access Secure World memory directly and thereby compromise the entire memory of the SoC. This advisory covers a new access permission vulnerability in the same DMSS. It can be used to compromise the whole SoC platform runtime, including every core running in Secure World, directly from the baseband. The vulnerability was fixed in February 2022.

Vulnerability Details

This vulnerability is very similar to CVE-2021-39991 ("Huawei DMSS Memory Access Management Configuration Unauthorized Rewrite Via Peripheral DMA"). The difference is that the culprit is another DMA peripheral, the ASP DMA. The ASP (Audio Signal Processing) DMA is used by both the kernel and the modem to move audio data between these cores and peripherals. The drivers/hisi/hi64xx/asp_dma.c kernel source file contains the code that programs this DMA engine:

#define ASP_DMA_CX_LLI(j)               (0x0800+(0x40*j))
#define ASP_DMA_CX_BINDX(j)             (0x0804+(0x40*j))
#define ASP_DMA_CX_CINDX(j)             (0x0808+(0x40*j))
#define ASP_DMA_CX_CNT1(j)              (0x080C+(0x40*j))
#define ASP_DMA_CX_CNT0(j)              (0x0810+(0x40*j))
#define ASP_DMA_CX_SRC_ADDR(j)          (0x0814+(0x40*j))
#define ASP_DMA_CX_DES_ADDR(j)          (0x0818+(0x40*j))
#define ASP_DMA_CX_CONFIG(j)            (0x081C+(0x40*j))
#define ASP_DMA_CX_AXI_CONF(j)          (0x0820+(0x40*j))

int asp_dma_config(...) {
  ...
  /* disable dma channel */
  _dmac_reg_clr_bit(ASP_DMA_CX_CONFIG(dma_channel), 0);

  /* transfer length */
  _dmac_reg_write(ASP_DMA_CX_CNT0(dma_channel), lli_cfg->a_count);

  /* set dma src/des addr: both are raw bus addresses taken from the
     caller's config; nothing in the driver constrains where they point */
  _dmac_reg_write(ASP_DMA_CX_SRC_ADDR(dma_channel), lli_cfg->src_addr);
  _dmac_reg_write(ASP_DMA_CX_DES_ADDR(dma_channel), lli_cfg->des_addr);
  ...
}

int asp_dma_start(...) {
  ...
  /* writing the channel config (enable bit included) kicks off the transfer */
  _dmac_reg_write(ASP_DMA_CX_CONFIG(dma_channel), lli_cfg->config);
  ...
}

Just as in the case of CVE-2021-39991, this peripheral is allowed to modify ASI entries.

As such, an ASP DMA transaction that writes the entry at 0xffe80610, setting the SOC_DMSS_ASI_SEC_RGN_MAP0.rgn_base_addr field to 0x00000000, makes the DMSS allow the modem to read and modify arbitrary DDR content in the physical address range 0x00000000-0x2bc7ffff. The memory below 0x20000000 is where the Linux kernel, trustfirmware, teeos and most of the other firmware images are loaded.
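The following is an added example, not code from the advisory or from Huawei's kernel tree: a small software model of a DMSS-style per-master region map, of the DMSS register aperture, and of an ASP DMA channel whose destination address can point at that aperture. It replays the transaction described above twice, once against a DMSS that lets the ASP DMA master write its configuration (the vulnerable behaviour) and once against one that refuses (the behaviour a fix must enforce). Only the register address 0xffe80610 and the 0x2bc80000-byte window come from the advisory; the register encoding (rgn_base_addr assumed to be the whole 32-bit value), the modem's original region base, the master IDs and every function name are assumptions made for illustration.

```c
/* Added example (not from the advisory or Huawei source): a simplified model of
 * the DMSS region check and of a DMA engine that can target the DMSS register
 * aperture.  Register layout, original region base, master IDs and all
 * function names are assumptions; only 0xffe80610 and the 0x2bc80000-byte
 * window are taken from the advisory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SOC_DMSS_ASI_SEC_RGN_MAP0 0xffe80610u  /* ASI entry named in the advisory */
#define MODEM_RGN_SIZE            0x2bc80000u  /* base 0 -> window 0x00000000-0x2bc7ffff */
#define MODEM_RGN_BASE_ORIG       0xc0000000u  /* assumed original base, above all secure images */
#define KERNEL_TEXT_ADDR          0x00080000u  /* representative address below 0x20000000 */
#define KERNEL_WORD               0xd503201fu  /* constructed "kernel" content (AArch64 NOP) */

enum master { MASTER_AP, MASTER_MODEM, MASTER_ASP_DMA, MASTER_COUNT };

struct dmss {
    uint32_t asi_sec_rgn_map0;          /* model: rgn_base_addr is the whole register */
    bool cfg_writable_by[MASTER_COUNT]; /* masters allowed to write DMSS config */
};

/* A tiny sparse DDR so the model runs without 700 MiB of backing memory. */
struct ddr_word { uint32_t addr; uint32_t val; };
static struct ddr_word ddr[] = {
    { KERNEL_TEXT_ADDR,              KERNEL_WORD }, /* constructed kernel text */
    { MODEM_RGN_BASE_ORIG + 0x1000u, 0x00000000u }, /* constructed modem buffer: new base */
};
#define DDR_WORDS (sizeof ddr / sizeof ddr[0])

/* DDR-side check: the modem, and the DMA it programs, may only touch
 * addresses inside the region described by the ASI map entry. */
static bool dmss_allows(const struct dmss *d, enum master m, uint32_t addr)
{
    if (m == MASTER_AP)
        return true; /* the AP's own protections are outside this model */
    uint32_t base = d->asi_sec_rgn_map0;
    return addr >= base && addr - base < MODEM_RGN_SIZE;
}

static bool bus_read32(const struct dmss *d, enum master m, uint32_t addr, uint32_t *out)
{
    if (!dmss_allows(d, m, addr))
        return false;
    for (size_t i = 0; i < DDR_WORDS; i++)
        if (ddr[i].addr == addr) { *out = ddr[i].val; return true; }
    *out = 0; /* unbacked DDR reads as zero in this model */
    return true;
}

static bool bus_write32(struct dmss *d, enum master m, uint32_t addr, uint32_t val)
{
    if (addr == SOC_DMSS_ASI_SEC_RGN_MAP0) {
        if (!d->cfg_writable_by[m])     /* the check a DMA master must not pass */
            return false;
        d->asi_sec_rgn_map0 = val;
        return true;
    }
    if (!dmss_allows(d, m, addr))
        return false;
    for (size_t i = 0; i < DDR_WORDS; i++)
        if (ddr[i].addr == addr) { ddr[i].val = val; return true; }
    return false; /* the sparse model has no room for new words */
}

/* One ASP DMA transfer, mirroring CX_SRC_ADDR/CX_DES_ADDR/CX_CNT0 from the
 * driver: every beat reaches the DMSS as a MASTER_ASP_DMA access. */
struct asp_dma_chan { uint32_t src_addr, des_addr, cnt0; };
static bool asp_dma_run(struct dmss *d, const struct asp_dma_chan *ch)
{
    for (uint32_t i = 0; i < ch->cnt0; i++) {
        uint32_t w;
        if (!bus_read32(d, MASTER_ASP_DMA, ch->src_addr + 4 * i, &w) ||
            !bus_write32(d, MASTER_ASP_DMA, ch->des_addr + 4 * i, w))
            return false;
    }
    return true;
}

static bool modem_reads_kernel(const struct dmss *d)
{
    uint32_t w;
    return bus_read32(d, MASTER_MODEM, KERNEL_TEXT_ADDR, &w) && w == KERNEL_WORD;
}

/* Replays the advisory's transaction; dma_may_write_cfg selects the vulnerable
 * (true) or fixed (false) policy for the ASP DMA master. */
static void attack(bool dma_may_write_cfg, bool *before, bool *after)
{
    struct dmss d = { .asi_sec_rgn_map0 = MODEM_RGN_BASE_ORIG };
    d.cfg_writable_by[MASTER_AP] = true;
    d.cfg_writable_by[MASTER_ASP_DMA] = dma_may_write_cfg;
    *before = modem_reads_kernel(&d);
    /* The modem cannot write the ASI entry itself (rejected) ... */
    bus_write32(&d, MASTER_MODEM, SOC_DMSS_ASI_SEC_RGN_MAP0, 0);
    /* ... but it can program the ASP DMA to copy a 0 from its buffer there. */
    struct asp_dma_chan ch = { .src_addr = MODEM_RGN_BASE_ORIG + 0x1000u,
                               .des_addr = SOC_DMSS_ASI_SEC_RGN_MAP0, .cnt0 = 1 };
    asp_dma_run(&d, &ch);
    *after = modem_reads_kernel(&d);
}

int main(void)
{
    bool before, after;
    attack(true, &before, &after);
    printf("vulnerable DMSS: modem reads kernel before=%d after=%d\n", before, after);
    attack(false, &before, &after);
    printf("fixed DMSS:      modem reads kernel before=%d after=%d\n", before, after);
    return 0;
}
```

Build with `cc -std=c11 -Wall dmss_model.c` (assumed file name). The design point the model makes explicit is that the DDR-side region check is irrelevant once a master the modem controls can write the DMSS configuration aperture itself: the only effective mitigation is the policy in bus_write32 that denies DMA masters access to the configuration registers, which is what the fixed run exercises.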

For a detailed description of the vulnerability impact, see our presentation.

Affected Devices (Verified)

  • Kirin 990
    • Huawei Mate 30 Pro (LIO)
    • Huawei P40 Pro (ELS)
    • Huawei P40 (ANA)

Fix

Huawei OTA images released after February 2022 contain the fix for the vulnerability.

Timeline

  • 2021.08.05. Bug reported to Huawei PSIRT
  • 2021.09.08. Huawei PSIRT confirms the vulnerability but does not provide a severity rating
  • 2021.09.21. Additional reporting to Huawei PSIRT shows that the Kirin 9000 is vulnerable
  • 2021.10.19. Update requested
  • 2021.10.20. Huawei confirms its final assessment and a High severity rating
  • 2022.02.03. Huawei promises a later response
  • 2022.02.25. Huawei confirms that the CVE has been released in its security bulletin and that disclosure is permitted in May