Mayhem: Targeted Corruption of Register and Stack Variables (
from stsp to cloudsec on 05 Jan 2024 07:58

Our recent paper describes a potential vulnerability
where stack/register variables can be flipped via fault
injection, affecting execution flow in security-sensitive
code. There are mitigation strategies you may be
interested in incorporating into your code

We issued CVE-2023-42465 for SUDO for this vulnerability.

#cloudsec #rowhammer #sudo

threaded - newest

tedu on 05 Jan 2024 18:58 collapse

Nice find!