172 - Patch Gaps and Apple Neural Engine Vulns
An out-of-bounds write in the ZinComputeProgramGetNamesFromMultiPlaneTitledCompressed() functions of the Apple Neural Engine (ANE). These functions are responsible for parsing procedure I/O, and take some arguments including an output planes array of kernel pointers to user-controlled data, as well as a planeCount for how many planes to copy into that array. The problem is, there's no validation on how many planes a model can supply. This leads to an out-of-bounds write of kernel pointers to user-controlled data on the stack. This can be taken advantage of in multiple ways, including getting a heap overflow later on, or causing a type confusion by switching out some other kernel pointer on the stack for one with data you control.
Another vulnerability in the Apple Neural Engine (ANE). Interestingly, this one's a double fetch yielding an out-of-bounds write in ZinComputeProgramUpdateMutables(). Somewhat complex codebase, but what's important is that one of the functions called by this function is ANECGetMutableOperationInfo(), which fetches an opsInfo object from shared memory. One field in particular, op_count, is used to allocate an array of mutable weight objects, but it's double fetched: it's fetched first to allocate the array, then again later on to populate it. By using a thread to switch out the op_count for a larger value post-allocation, you can achieve an OOB write of two 64-bit values (a kernel address to user-controlled data, and a semi-arbitrary 64-bit value).
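Both bugs above come down to trusting a count that the other side of the boundary controls: the first never checks planeCount against the fixed array it fills, the second reads op_count from shared memory twice and lets the second read drive the loop. The following C is an added example, not code from the ANE driver or from the episode notes; every identifier in it (plane_desc, ops_info, fill_plane_array, update_mutables, enlarge_count) is a hypothetical stand-in. It shows the two fixes a reviewer would ask for: a capacity check before the plane array is written, and a snapshot-and-validate read of op_count so that a racing writer changing shared memory after the allocation cannot change how many entries get written.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins (not ANE driver identifiers): plane_desc and ops_info
 * model the caller-controlled inputs described in the notes. */

#define PLANE_CAPACITY 8u   /* fixed size of the output array, e.g. on the stack */
#define MAX_OPS        16u  /* largest op_count the parser will accept */

struct plane_desc {
    uint64_t user_ptr;      /* kernel pointer to user-controlled data */
    uint32_t length;
};

/* Fill a fixed-capacity output array with plane pointers. The caller-supplied
 * plane_count is validated against the array's capacity before any write, so an
 * oversized count is rejected instead of overrunning the array. Returns the
 * number of entries written, or -1 when the request is rejected. */
int fill_plane_array(uint64_t *out, size_t out_capacity,
                     const struct plane_desc *planes, uint32_t plane_count)
{
    if (out == NULL || planes == NULL || plane_count > out_capacity)
        return -1;
    for (uint32_t i = 0; i < plane_count; i++)
        out[i] = planes[i].user_ptr;
    return (int)plane_count;
}

/* Shared-memory header as the untrusted side publishes it (constructed). */
struct ops_info {
    uint32_t op_count;
    uint32_t reserved;
    uint64_t ops[MAX_OPS];
};

/* A racing writer is modelled as a callback invoked after the count has been
 * read once but before the array is populated; in a real double fetch this is
 * the window a second thread uses to enlarge op_count. */
typedef void (*racer_fn)(volatile struct ops_info *shared);

/* Single-fetch version: op_count is read exactly once into kernel-private
 * storage, validated, and that private copy drives both the allocation size
 * and the population loop. Whatever the racer does to shared memory after the
 * snapshot cannot change how many entries are written. Returns the number of
 * entries copied, or -1 when the count fails validation. */
int update_mutables(volatile struct ops_info *shared, racer_fn racer,
                    uint64_t *dst, size_t dst_capacity)
{
    uint32_t count = shared->op_count;          /* the only read of op_count */
    if (count > MAX_OPS || count > dst_capacity)
        return -1;

    /* the mutable-object array would be allocated from 'count' here;
     * dst stands in for that allocation */
    if (racer)
        racer(shared);                          /* racing writer gets its window */

    for (uint32_t i = 0; i < count; i++)        /* bound is the snapshot, not shared memory */
        dst[i] = shared->ops[i];
    return (int)count;
}

/* Constructed racer for the demonstration: tries to grow the published count
 * after the snapshot has been taken. */
void enlarge_count(volatile struct ops_info *shared)
{
    shared->op_count = MAX_OPS * 4;
}
```

The point of the second function is that the loop bound and the allocation size are the same local variable; the shared field is never consulted again after the snapshot, which is the property a reviewer should verify on any parser that reads a count out of memory the other side can still write to.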