I thought this was an excellent post when it came to explaining the exploitation strategy, and has it dealt with encrypted pointers the exploitation was pretty cool to see documented. However I did have some problems following on the actual vulnerability details.
A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2 million BNB ($586 Million USD at time of the original theft).
Excellent post covering three vulnerabilities in Huawei's Secure Monitor used to proxy/transition requests from the "normal world" usually from the hypervisor or kernel into the secure world.
At its core, a simple, yet odd Linux kernel issue, `__io_req_init_async` assumes that the new request (`req`) being submitted was submitted by its own worker, so it sets the `req->work.identity` to `current->io_uring`.
Great series of posts covering the authors research progress and eventual owning of a wireless scoreboard system.Unlike a lot of the attacks we cover, this had more of a hardware and even radio signal focus...
Just what can be accomplished when webhooks are allowed to access internal services, Cider Security takes a look specifically at abusing GitHub and GitLab webhooks to access internally hosted Jenkin instances.
**tl;dr** Two CVEs, one an integer overflow due to incorrectly assuming the compiler would optimize an `enum` into a single byte, and the other some uninitialized kernel stack variables that could be exposed to userspace.
A surprisingly simple bug in a well-fuzzed cryptographic library from Mozilla leading to an easy stack overflow in RSA-PSS code (vulnerability exists elsewhere also).
Straight forward version is two Out-Of-Bounds accesses in reading and writing the `Driver feature set`. A guest provided value is stored, and then used as an array index without any validation both in `PciVirtIOWriteMM` and in `PciVirtIOReadMM` giving relative read/write primitives.
Great exploit chain starts with a newline injection, leading to the ability to write "2" to any file culminating in a login and root code execution, all doable with remotely hosted javascript.