combine with P0 null-page mmap bypass on older kernels / AMD or no-smep systems and you got yourself an easy ret2usr exploit
-
Do you see this in LTS 4.9?
-
don't know any Ubuntu LTS versions that use 4.9? Upstream is fixed, it's just Ubuntu being special
-
hahah looks like it got un-"patched" in recent kernels. your version has the patch applied. try something more recent.. mine was 4.4.0-161 from Aug this year
-
@colinianking This looks like a bad backport in Ubuntu's 4.4. The upstream v4.4 doesn't carry the speculation fix at all. When posix_clocks[] changed from registration to static, the now-redundant .clock_get check was removed. It shouldn't be for v4.4: https://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/commit/kernel/time/posix-timers.c?id=eb4a3a43d161cc361b0983f198136fe5a4aac425
-
We've now got a fix making its way into our kernels: https://lists.ubuntu.com/archives/kernel-team/2019-October/104582.html