Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks

IGotD- nise at nise.com
Fri Dec 4 10:12:26 UTC 2020


On Friday, 4 December 2020 at 09:24:43 UTC, Timon Gehr wrote:
>
> In ring 0 where the kernel runs, `HLT` does not prevent the 
> buffer overflow, it's just delayed until the next external 
> interrupt.
>
> Essentially, it would behave in a way similar to this:
>
> // D-style pseudocode: i == a.length is also out of bounds, hence >=
> if(i >= a.length){
>     Thread.sleep();
> }
> a.ptr[i]=x;
>
> The only reason why `HLT` terminates execution of userspace 
> code is that such code does not have sufficient permissions to 
> execute the instruction; in the kernel, it would not do much.

Correct, so if this were a kernel, then if you get an interrupt like 
pressing a key, or if there are any pending interrupts, the HLT 
instruction would just continue. For kernels, the best choice 
would be some kind of function that is supposed to be called, or a 
panic function that the programmer can fill in. This would be the 
most versatile option for those scenarios.
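The design sketched above, a bounds check whose failure path is a hook the kernel author fills in rather than a bare HLT, as an added example in C (the language of most kernel code; this is not code from the thread, from druntime or from any D compiler). The names bounds_panic_fn, set_bounds_panic, checked_store and recording_panic are invented for this illustration. The point it makes concrete is the one Timon's pseudocode warns about: if the failure handler can return, as HLT effectively does once the next interrupt arrives, the store must still not happen, so the check has to fail closed regardless of what the hook does.

```c
/* Added example (not from the mailing-list thread): a bounds-checked
 * array store for freestanding/kernel code whose failure path is a
 * programmer-replaceable panic hook instead of HLT.
 * bounds_panic_fn, set_bounds_panic, checked_store and recording_panic
 * are hypothetical names made up for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void (*bounds_panic_fn)(const char *where, size_t index, size_t length);

/* Default hook: report and stop. A real kernel would fill this in with
 * its own panic/oops routine; in a hosted build we simply abort. */
static void default_bounds_panic(const char *where, size_t index, size_t length)
{
    fprintf(stderr, "%s: index %zu out of bounds for length %zu\n",
            where, index, length);
    abort();
}

static bounds_panic_fn g_bounds_panic = default_bounds_panic;

/* Install the kernel author's own handler (the "function the programmer
 * can fill in" from the thread). Passing NULL restores the default.
 * Returns the previous hook so it can be chained or restored. */
bounds_panic_fn set_bounds_panic(bounds_panic_fn fn)
{
    bounds_panic_fn old = g_bounds_panic;
    g_bounds_panic = fn ? fn : default_bounds_panic;
    return old;
}

/* Store x at a[i] only if i is in range. Note >=: i == len is also out
 * of bounds. If the hook returns (as HLT would once the next interrupt
 * arrives), the write is still refused and -1 is reported, so a
 * returning hook can never degrade into a memory corruption. */
int checked_store(uint8_t *a, size_t len, size_t i, uint8_t x)
{
    if (i >= len) {
        g_bounds_panic("checked_store", i, len);
        return -1;          /* fail closed: nothing was written */
    }
    a[i] = x;
    return 0;
}

/* Demo hook that records the violation instead of halting, so the
 * behaviour of a *returning* handler can be observed. */
static size_t last_bad_index;
static size_t last_len;
static int panic_calls;

void recording_panic(const char *where, size_t index, size_t length)
{
    (void)where;
    last_bad_index = index;
    last_len = length;
    panic_calls++;
}

int bounds_panic_calls(void) { return panic_calls; }

/* Runs the thread's scenario: an in-range write, then an off-by-one
 * write at index == length. Returns 1 when the in-range store landed,
 * the bad store was refused, and the hook saw index 4 of length 4. */
int demo_off_by_one(void)
{
    uint8_t buf[4] = {0, 0, 0, 0};   /* constructed sample array */
    panic_calls = 0;
    set_bounds_panic(recording_panic);
    int ok  = checked_store(buf, sizeof buf, 2, 7);
    int bad = checked_store(buf, sizeof buf, 4, 9);
    return ok == 0 && buf[2] == 7 && bad == -1
        && panic_calls == 1 && last_bad_index == 4 && last_len == 4;
}

int main(void)
{
    printf("off-by-one scenario %s, hook invoked %d time(s)\n",
           demo_off_by_one() ? "handled" : "FAILED", bounds_panic_calls());
    return 0;
}
```

In a real kernel the installed hook would not return at all (it would dump state and halt the CPU for good, or kill the offending context); the returning hook here exists only so the fail-closed behaviour is testable. Either way the store is guarded by the `return -1` after the hook call, not by the hook itself.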

