Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks
Timon Gehr
timon.gehr at gmx.ch
Fri Dec 4 09:24:43 UTC 2020
On 04.12.20 08:03, Walter Bright wrote:
> On 12/3/2020 8:13 PM, Adam D. Ruppe wrote:
>> On Friday, 4 December 2020 at 04:08:31 UTC, Walter Bright wrote:
>>> One of them, the simplest, is just execute a halt instruction.
>>
>> which wouldn't help kernel code at all fyi
>
> Infinitely better than a buffer overflow.
In ring 0, where the kernel runs, `HLT` does not prevent the buffer
overflow; it's just delayed until the next external interrupt.
Essentially, it would behave in a way similar to this:
    if(i >= a.length){   // out of bounds (index == length is already past the end)
        Thread.sleep();  // "halt": pause until the next interrupt, then continue
    }
    a.ptr[i]=x;          // unchecked write still happens once execution resumes
The only reason why `HLT` terminates execution of userspace code is that
such code does not have sufficient permissions to execute the
instruction; in the kernel, it would not do much.
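The point made above, as an added example that is not part of the original thread or of any D or kernel code: a constructed C model of a bounds check with three outcomes, no check, a "halt" that merely pauses and then resumes at the next instruction (what `HLT` does in ring 0 once an interrupt arrives), and a fail-closed check that refuses the write. The struct, policy names and `simulated_hlt` are assumptions made for the illustration; a sentinel byte just past the logical end of the buffer makes the corruption observable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What to do when an index is found to be out of bounds.
 * Constructed model for illustration only, not real kernel code. */
typedef enum {
    POLICY_NONE,        /* no check at all: the classic buffer overflow          */
    POLICY_HALT_RESUME, /* HLT in ring 0: pause, wake on interrupt, keep going    */
    POLICY_FAIL_CLOSED  /* refuse the write and report it (a panic/trap in reality) */
} policy_t;

/* In ring 0, HLT returns as soon as an external interrupt is delivered, so the
 * caller simply resumes at the next instruction. We model that with a counter. */
static unsigned halt_count = 0;
static void simulated_hlt(void) { halt_count++; }

/* A small "kernel" object. Only the first `len` bytes of `storage` belong to
 * the buffer; the byte at storage[len] is a sentinel that should never change.
 * Keeping the sentinel inside the same array keeps the demo free of undefined
 * behaviour while still showing the out-of-bounds write. */
struct kbuf {
    uint8_t storage[16];
    size_t  len;
};

/* Mirrors `a.ptr[i] = x` from the thread. Returns true if the byte was
 * written (in bounds or not), false if the policy refused the write. */
bool kbuf_write(struct kbuf *b, size_t i, uint8_t x, policy_t pol)
{
    if (i >= b->len) {                   /* index == len is already past the end */
        switch (pol) {
        case POLICY_NONE:
            break;                       /* no check: fall through to the write */
        case POLICY_HALT_RESUME:
            simulated_hlt();             /* pause... then fall through and write anyway */
            break;
        case POLICY_FAIL_CLOSED:
            return false;                /* the only policy that prevents the write */
        }
    }
    b->storage[i] = x;                   /* the unchecked pointer write */
    return true;
}

/* Run one out-of-bounds write under a policy and report whether the byte
 * just past the logical end of the buffer was left untouched. */
bool sentinel_survives(policy_t pol)
{
    struct kbuf b;
    memset(b.storage, 0, sizeof b.storage);
    b.len = 8;
    b.storage[b.len] = 0xAA;             /* sentinel, one past the end */
    kbuf_write(&b, b.len, 0x41, pol);    /* constructed input: index == len */
    return b.storage[b.len] == 0xAA;
}

int main(void)
{
    printf("no check      : sentinel %s\n", sentinel_survives(POLICY_NONE) ? "intact" : "CORRUPTED");
    printf("halt + resume : sentinel %s (halted %u time(s))\n",
           sentinel_survives(POLICY_HALT_RESUME) ? "intact" : "CORRUPTED", halt_count);
    printf("fail closed   : sentinel %s\n", sentinel_survives(POLICY_FAIL_CLOSED) ? "intact" : "CORRUPTED");
    return 0;
}
```

The halt policy is indistinguishable from having no check at all once execution resumes; only a check that does not return to the faulting path (refuse the write, panic, or trap) actually prevents the corruption.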