Hey folks, there's a heap overflow in the FreeType font rendering library, which (I'm virtually certain) the Kindle is using for user-provided fonts as well as for PDF rendering.
Here's the CVE:
https://www.cybersecurity-help.cz/vdb/SB2020102038
Most reports are calling this a "Google Chrome" weakness because that's where it was exploited first, but the vulnerability is actually in FreeType, which Google bundles with Chrome. So anything using FreeType two weeks ago is vulnerable.
I'm more of an embedded hardware guy and have never written exploits before, so trying to pull together a jailbreak on my own is probably a multi-month project... somebody with more experience can probably do it a lot quicker.
If you have past experience with jailbreaking Kindles and have a price in mind let me know. I'm willing to pay good money for a Kindle Oasis 3 jailbreak. It's the perfect piece of hardware for me except for the fact that I can't replace the software.
If anybody who has successfully authored a jailbreak in the past wants to take a crack at this I will send you a free KOA3 (I have a spare). Both my "daily driver" and this spare have never been connected to Wi-Fi, so they didn't get the recent update (which I'm pretty sure closes this vuln). You need to demonstrate that you were the first to publish a jailbreak for one of the previous Kindles, and publicly commit to working on this.