Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks
Jacob Carlborg
doob at me.com
Fri Dec 4 15:28:04 UTC 2020
On 2020-12-04 10:24, Timon Gehr wrote:
> In ring 0 where the kernel runs, `HLT` does not prevent the buffer
> overflow, it's just delayed until the next external interrupt.
>
> Essentially, it would behave in a way similar to this:
>
> if(i > a.length){
>     Thread.sleep();
> }
> a.ptr[i]=x;
>
> The only reason why `HLT` terminates execution of userspace code is that
> such code does not have sufficient permissions to execute the
> instruction; in the kernel, it would not do much.
Then just use another instruction that the kernel doesn't have access
to. There's always a more privileged mode.
--
/Jacob Carlborg
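The point in the quoted sketch, as an added example that is not part of the original post or of any code under discussion: a bounds check whose only consequence is to pause execution does not stop the out-of-bounds store, because execution resumes at the next instruction and the store follows. The real `HLT` is privileged and is not executed here; a hypothetical no-op `halt_until_interrupt()` stands in for "sleep until the next external interrupt, then continue". The `struct guarded`, `LEN`, `CANARY` and all function names are constructed for this example.

```c
/* Added example (not from the original post). A bounds check that only
 * delays an out-of-bounds store does not prevent it; a check that refuses
 * the store does. The real HLT instruction is privileged and is never
 * executed here; a no-op models "halt until the next interrupt, continue". */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN 8                   /* logical length of the array */
#define CANARY 0xA5A5A5A5u      /* sentinel word stored right after it */

/* a[0..LEN) lives in cells[0..LEN); cells[LEN] holds the sentinel, so the
 * off-by-one store at index LEN is observable without undefined behaviour. */
struct guarded {
    uint32_t cells[LEN + 1];
};

void guarded_init(struct guarded *g)
{
    memset(g->cells, 0, sizeof g->cells);
    g->cells[LEN] = CANARY;
}

/* 1 if the word after the array is still the sentinel, 0 if clobbered. */
int canary_intact(const struct guarded *g)
{
    return g->cells[LEN] == CANARY;
}

/* Stand-in for HLT in ring 0: the CPU sleeps until an interrupt arrives and
 * then resumes at the next instruction. Nothing is aborted or unwound. */
static void halt_until_interrupt(void)
{
}

/* The pattern the thread discusses: check, "halt", then store anyway.
 * Returns 1 if the store was performed, 0 if not. Indices beyond cells[LEN]
 * are refused only because this model has no memory there; that guard is a
 * limit of the example, not a mitigation. */
int store_with_halt(struct guarded *g, size_t i, uint32_t x)
{
    if (i > LEN)
        return 0;               /* outside the modelled memory */
    if (i >= LEN)
        halt_until_interrupt(); /* execution pauses ... */
    g->cells[i] = x;            /* ... and the out-of-bounds store still lands */
    return 1;
}

/* The check that actually prevents the overflow: the store path is not
 * reached. Note i == LEN is already out of bounds, hence ">=" not ">". */
int store_checked(struct guarded *g, size_t i, uint32_t x)
{
    if (i >= LEN)
        return 0;
    g->cells[i] = x;
    return 1;
}

/* Drive one store variant with the classic off-by-one index and report
 * whether the sentinel after the array was overwritten (1) or not (0). */
int overflow_reaches_canary(int (*store)(struct guarded *, size_t, uint32_t))
{
    struct guarded g;
    guarded_init(&g);
    store(&g, LEN, 0xDEADBEEFu);
    return !canary_intact(&g);
}

int main(void)
{
    printf("halt-then-store clobbers canary: %d\n",
           overflow_reaches_canary(store_with_halt));
    printf("refuse-the-store clobbers canary: %d\n",
           overflow_reaches_canary(store_checked));
    return 0;
}
```

Two things worth noticing when reading this against the quoted sketch: the only check that helps is the one on the path that skips the store entirely (return, trap, or panic, but not sleep), and a comparison of the form `i > a.length` additionally misses `i == a.length`, which is the first out-of-bounds index; the example uses `>=` in both variants so that the halt branch is actually exercised.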
More information about the Digitalmars-d mailing list