On the Google Project Zero blog, Jann Horn looks
at a number of vulnerabilities in a Samsung Android kernel, some of
which are caused by the addition of out-of-tree “security” features.
“The Samsung kernel on the A50 contains an extra security subsystem
(named ‘PROCA’, short for ‘Process Authenticator’, with code in
security/proca/) to track process identities. By combining several logic
issues in this subsystem (which, on their own, can already cause a mismatch
between the tracking state and the actual process state) with a brittle
code pattern, it is possible to cause memory unsafety by winning a race
condition.“

Source: LWN.net – Horn: Mitigations are attack surface, too