Vulnerabilities (Page 20)

Type confusion in Internet Explorer's JScript9 engine [CVE-2022-41128]

A JIT-optimization-based type confusion in jscript9. The root cause of this bug is the fact that the OptArraySrc optimization would call ShouldExpectConventionalArrayIndexValue() to decide if it should keep a type check in place, but that function could sometimes return false and cause the optimization to remove a type check when it shouldn’t…


Exploitation of a fairly constrained UAF Primitive in the Linux Kernel [CVE-2022-42703]

A post on exploiting a bug that Jann Horn discovered in the Linux kernel’s memory management (MM) subsystem. The bug isn’t detailed in this post and is fairly complex (there is a Project Zero bug report, but it’s difficult to understand without deep knowledge of MM internals), though they state it will be written up in a future blog post…