Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks

Andrei Alexandrescu SeeWebsiteForEmail at erdani.org
Fri Dec 4 13:58:07 UTC 2020


On 12/4/20 4:24 AM, Timon Gehr wrote:
> On 04.12.20 08:03, Walter Bright wrote:
>> On 12/3/2020 8:13 PM, Adam D. Ruppe wrote:
>>> On Friday, 4 December 2020 at 04:08:31 UTC, Walter Bright wrote:
>>>> One of them, the simplest, is just execute a halt instruction.
>>>
>>> which wouldn't help kernel code at all fyi
>>
>> Infinitely better than a buffer overflow.
> 
> In ring 0 where the kernel runs, `HLT` does not prevent the buffer 
> overflow, it's just delayed until the next external interrupt.
> 
> Essentially, it would behave in a way similar to this:
> 
> if(i > a.length){
>      Thread.sleep();
> }
> a.ptr[i]=x;
> 
> The only reason why `HLT` terminates execution of userspace code is that 
> such code does not have sufficient permissions to execute the 
> instruction; in the kernel, it would not do much.

Had no idea. Thanks!
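The point Timon makes above, worked through as an added example that is not part of this thread: a bounds check followed by a halt only defers the out-of-range store, while a check that refuses the write prevents it. The memory layout (an 8-byte buffer followed by an 8-byte canary) and the `halt_until_interrupt` stand-in for `HLT` are constructed for illustration; the function names are assumptions of this example, not anything from the discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed memory layout: an 8-byte buffer immediately followed by an
   8-byte canary standing in for whatever the kernel keeps next to it. */
enum { BUF_LEN = 8, CANARY_LEN = 8 };
static const uint8_t CANARY[CANARY_LEN] = {0x5A,0x5A,0x5A,0x5A,0x5A,0x5A,0x5A,0x5A};

struct frame {
    uint8_t bytes[BUF_LEN + CANARY_LEN]; /* bytes[0..7] buffer, bytes[8..15] canary */
};

void frame_init(struct frame *f) {
    memset(f->bytes, 0, BUF_LEN);
    memcpy(f->bytes + BUF_LEN, CANARY, CANARY_LEN);
}

/* Returns 1 if the canary is untouched, 0 if an overflow overwrote it. */
int canary_intact(const struct frame *f) {
    return memcmp(f->bytes + BUF_LEN, CANARY, CANARY_LEN) == 0;
}

/* Hypothetical stand-in for HLT executed in ring 0: the CPU idles until the
   next external interrupt and then resumes at the following instruction. */
static void halt_until_interrupt(void) { /* interrupt arrives; execution resumes */ }

/* Strategy discussed in the thread: check bounds, HLT on failure. The store
   that follows the check still runs once execution resumes. */
int store_halt_on_overflow(struct frame *f, size_t i, uint8_t x) {
    if (i >= BUF_LEN) {
        halt_until_interrupt();
    }
    /* Model of a.ptr[i] = x with no further check. The guard on the raw
       array only keeps this demo well-defined C; the overflow relative to
       BUF_LEN still lands on the canary. */
    if (i < sizeof f->bytes) {
        f->bytes[i] = x;
    }
    return 0;
}

/* Fail-closed alternative: refuse the write and report it to the caller. */
int store_reject_on_overflow(struct frame *f, size_t i, uint8_t x) {
    if (i >= BUF_LEN) {
        return -1;
    }
    f->bytes[i] = x;
    return 0;
}

/* Runs both strategies on the same out-of-range index; returns 1 when the
   halt-based version corrupted the canary and the reject-based one did not. */
int demo(void) {
    struct frame a, b;
    frame_init(&a);
    frame_init(&b);
    store_halt_on_overflow(&a, BUF_LEN, 0x41);
    int rejected = store_reject_on_overflow(&b, BUF_LEN, 0x41);
    printf("halt-then-store: canary %s\n", canary_intact(&a) ? "intact" : "CORRUPTED");
    printf("reject:          rc=%d canary %s\n", rejected,
           canary_intact(&b) ? "intact" : "CORRUPTED");
    return !canary_intact(&a) && rejected == -1 && canary_intact(&b);
}

int main(void) {
    return demo() ? 0 : 1;
}
```

Running it shows the canary overwritten by the halt-then-store path and intact on the reject path, which is the whole difference between delaying a bad store and preventing it.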