undefined | Better HN

0 pointscjbprime1y ago0 comments

Probably not, if you're implying remote code execution -- it was an out of bounds READ operation, not write, causing an immediate crash. Unlikely to be useful for anything other than taking systems offline (which can certainly be useful, but is not RCE).

0 comments

sudosysgen1y ago

It was a read operation during bytecode template initialization, in a driver that reads userland memory. An out of bound read operation to load code in a driver that maps user memory can easily lead to code execution and privilege escalation: if the attacker finds a way to get the out of bound read into memory they control, they could cause the driver to load a manufactured template and inject bytecode.

It's not clear that this specific vulnerability is exploitable, but it's exactly the kind of vulnerability that could be exploited for code execution.

j / k navigate · click thread line to collapse

0 pointscjbprime1y ago0 comments

0 comments

sudosysgen1y ago

It's not clear that this specific vulnerability is exploitable, but it's exactly the kind of vulnerability that could be exploited for code execution.

j / k navigate · click thread line to collapse