The post first goes into some background on QMI, what kinds of services it provides, and how they fuzzed the interface (using QEMU's Hexagon support to emulate the modem in conjunction with AFL). They then talk about one of the vulns the fuzzer dug up, a heap overflow in the voice service's `call_config_req` handler...
A very long post covering an old issue (2013), with tons of background about Java bytecode, App Engine and the ASM bytecode library. Some context for the issue is that App Engine would perform in-process sandboxing...
`/proc//syscall` fills in a `struct syscall_info` using an architecture-specific implementation. The structure has a `u64[6]` array for the argument registers to be put into...
Two vulns related to properties on a DirectComposition buffer. When adding a new property, the code adds it first, then checks some values and potentially returns an error before finalizing, but the property has already been added...
**tl;dr** Cleverly crafting a packet with a large header + options length could cause a null dereference. The net buffer would be created with `DataSize = uint16_t(length)`, but the code would then attempt to read with `size = length` (no truncation), which would hit an error case and return null.