CVE-2020-11832

Severity: MEDIUM (5.5 / 10.0)
Published: December 31, 2020 at 06:15 PM
Modified: November 21, 2024 at 04:58 AM
Source: security@oppo.com

Vulnerability Description

The functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c do not check their parameters, which causes a vulnerability.

CVSS Metrics

Base Score
5.5
Severity
MEDIUM
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Unvalidated input in the Oppo charger driver allows for arbitrary modification of charging parameters, potentially leading to denial-of-service or device compromise. Attackers can exploit this flaw by sending crafted commands to the vulnerable functions, bypassing crucial parameter checks and causing unexpected behavior. This vulnerability poses a significant risk to the availability and integrity of affected devices.

02 // Vulnerability Mechanism

Step 1: Target Identification: The attacker identifies a vulnerable Oppo device running a susceptible firmware version.

Step 2: Command Injection: The attacker crafts a malicious command, potentially using ADB or other communication channels, to interact with the Oppo charger driver.

Step 3: Parameter Manipulation: The attacker sends a command to either charging_limit_current_write or charging_limit_time_write functions, providing crafted parameters.

Step 4: Function Execution: The vulnerable function receives the malicious parameters.

Step 5: Lack of Validation: The function executes without validating the provided parameters.

Step 6: Impact: The malicious parameters are used to modify the charging behavior, potentially leading to device damage, denial of service, or other unexpected behavior.

03 // Deep Technical Analysis

The vulnerability lies within the charging_limit_current_write and charging_limit_time_write functions in the oppo_charger.c file. These functions are responsible for setting the charging current and charging time limits, respectively. The root cause is the absence of input validation on the parameters passed to these functions. Specifically, the code does not check the values of the parameters before using them. This lack of validation allows an attacker to provide malicious values, potentially leading to a variety of issues. For example, an attacker could set the charging current to an extremely high value, potentially causing overcurrent and damaging the battery or other hardware components. Alternatively, an attacker could set the charging time to an extremely short value, leading to a denial-of-service condition by preventing the device from charging properly. The lack of validation creates a pathway for attackers to manipulate the device's charging behavior, leading to potential hardware damage or service disruption.
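The following is an added illustration of the pattern the analysis describes, written for this page; it is not the Oppo driver's code, and the bodies of the real charging_limit_current_write and charging_limit_time_write functions are not on this page. It models a sysfs-style "store" handler that parses a user-supplied string into a charging limit, first without any range check (the defect described above) and then with a bounded version that rejects values outside a hardware envelope. The chg_limits struct, the CHG_*_MIN/MAX limits, the parse_long and store_bounded helpers and the *_unchecked function name are all hypothetical.

```c
/* Added example, not code from oppo_charger.c. Models a sysfs-style store
 * handler: buf/count come from user space and are not NUL-terminated. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical hardware envelope (milliamps / minutes) for the example. */
#define CHG_CURRENT_MIN_MA   100
#define CHG_CURRENT_MAX_MA  3000
#define CHG_TIME_MIN_MIN       1
#define CHG_TIME_MAX_MIN    1440

struct chg_limits {
    long current_ma;   /* charging current limit */
    long time_min;     /* charging time limit */
};

/* Parse a decimal integer from a sysfs-style buffer; tolerate the trailing
 * newline that "echo" appends, reject anything else after the digits. */
static int parse_long(const char *buf, size_t count, long *out)
{
    char tmp[32];
    char *end;

    if (count == 0 || count >= sizeof(tmp))
        return -EINVAL;
    memcpy(tmp, buf, count);
    tmp[count] = '\0';
    errno = 0;
    *out = strtol(tmp, &end, 10);
    if (errno != 0 || end == tmp)
        return -EINVAL;
    while (*end == '\n' || *end == ' ')
        end++;
    if (*end != '\0')
        return -EINVAL;
    return 0;
}

/* Vulnerable pattern: the parsed value is applied with no range check, so
 * zero, negative or absurdly large limits are all accepted. */
ssize_t charging_limit_current_write_unchecked(struct chg_limits *lim,
                                               const char *buf, size_t count)
{
    long val;
    int ret = parse_long(buf, count, &val);
    if (ret)
        return ret;
    lim->current_ma = val;
    return (ssize_t)count;
}

/* Hardened pattern: reject values outside [lo, hi] and leave the current
 * setting untouched; the caller sees -ERANGE instead of a silent clamp. */
static ssize_t store_bounded(long *field, long lo, long hi,
                             const char *buf, size_t count)
{
    long val;
    int ret = parse_long(buf, count, &val);
    if (ret)
        return ret;
    if (val < lo || val > hi)
        return -ERANGE;
    *field = val;
    return (ssize_t)count;
}

ssize_t charging_limit_current_write(struct chg_limits *lim,
                                     const char *buf, size_t count)
{
    return store_bounded(&lim->current_ma, CHG_CURRENT_MIN_MA,
                         CHG_CURRENT_MAX_MA, buf, count);
}

ssize_t charging_limit_time_write(struct chg_limits *lim,
                                  const char *buf, size_t count)
{
    return store_bounded(&lim->time_min, CHG_TIME_MIN_MIN,
                         CHG_TIME_MAX_MIN, buf, count);
}

int main(void)
{
    struct chg_limits lim = { 1000, 60 };
    const char *input = "99999\n";   /* constructed out-of-range write */

    charging_limit_current_write_unchecked(&lim, input, strlen(input));
    printf("unchecked: current_ma = %ld\n", lim.current_ma);

    lim.current_ma = 1000;
    printf("bounded: ret = %zd, current_ma = %ld\n",
           charging_limit_current_write(&lim, input, strlen(input)),
           lim.current_ma);
    return 0;
}
```

The design point is that the bounded handler fails closed: a rejected write returns an error to user space and the previously valid limit stays in effect, which is the behaviour a reviewer should look for in any store callback that feeds hardware-control registers.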
