Mayhem: Targeted Corruption of Register and Stack Variables (www.openwall.com)
from stsp to cloudsec on 05 Jan 2024 07:58
https://azorius.net/g/cloudsec/p/qRZ6KKH5Kvwdf82fq9-Mayhem-Targeted-Corruption-of-Register-and-Stack

Our recent paper describes a potential vulnerability
where stack/register variables can be flipped via fault
injection, affecting execution flow in security-sensitive
code. There are mitigation strategies you may be
interested in incorporating into your code

We issued CVE-2023-42465 for SUDO for this vulnerability.

#cloudsec #rowhammer #sudo

tedu on 05 Jan 2024 18:58 collapse

Nice find!