Exploit for CVE-2017-18344: https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-18344/poc.c Details: http://www.openwall.com/lists/oss-security/2018/08/09/6
Thanks! If there's a way to set some 8 byte kernel global variable from an unprivileged user, it could be used to bypass SMAP (by storing the pointer to the data you want to leak in this variable), but nothing really came to mind when I've been thinking about this
Yeah, having an unprivileged user store a kernel address on a global variable would resolve the whole problem. And I assume with heap spraying it would still be very hard to guess right