Mayhem: Targeted Corruption of Register and Stack Variables
(www.openwall.com)
from stsp@azorius.net to cloudsec@azorius.net on 05 Jan 2024 08:58
https://azorius.net/g/cloudsec/p/qRZ6KKH5Kvwdf82fq9-Mayhem-Targeted-Corruption-of-Register-and-Stack
from stsp@azorius.net to cloudsec@azorius.net on 05 Jan 2024 08:58
https://azorius.net/g/cloudsec/p/qRZ6KKH5Kvwdf82fq9-Mayhem-Targeted-Corruption-of-Register-and-Stack
Our recent paper describes a potential vulnerability
where stack/register variables can be flipped via fault
injection, affecting execution flow in security-sensitive
code. There are mitigation strategies you may be
interested in incorporating into your code
We issued CVE-2023-42465 for SUDO for this vulnerability.
#cloudsec #rowhammer #sudo
threaded - newest