It's possible to create top-level allocator type confusions when a dangling pointer (created via a slab-based UAF) ends up pointing at memory that has been reallocated by the page allocator (e.g. as a VFS cache page, a Page Table Entry, etc.). Memory Tagging or virtual address range separation needs to be used to block the "reuse" of the dangling pointer.
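The effect of tagging on a stale pointer can be seen in a small user-space model. This is an added example, not kernel code or code from the original page: `struct page`, `tagged_ptr`, `page_assign`, `checked_store` and `scenario` are hypothetical names, and a counter stands in for the hardware's tag selection.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, constructed for illustration: one page whose owner changes.
 * Each hand-off retags the page; pointers keep the tag they were issued. */
struct page { uint8_t tag; uint8_t data[64]; };
struct tagged_ptr { struct page *pg; unsigned off; uint8_t tag; };

static uint8_t next_tag = 1; /* counter stands in for hardware tag choice */

/* Give the page to a new owner (slab cache or page allocator) with a fresh tag. */
static struct tagged_ptr page_assign(struct page *pg, unsigned off)
{
    pg->tag = next_tag++;
    if (next_tag == 0)
        next_tag = 1;
    return (struct tagged_ptr){ .pg = pg, .off = off, .tag = pg->tag };
}

/* Store through a pointer; -1 models the fault raised on a tag mismatch. */
static int checked_store(struct tagged_ptr p, uint8_t v, int tagging_on)
{
    if (tagging_on && p.tag != p.pg->tag)
        return -1;
    p.pg->data[p.off] = v;
    return 0;
}

/* Slab object freed, page reused by the page allocator, stale pointer used.
 * Returns the byte the new owner reads back; *stale_rc is the stale store result. */
static int scenario(int tagging_on, int *stale_rc)
{
    struct page pg = {0};
    struct tagged_ptr slab_obj = page_assign(&pg, 8);  /* slab allocation */
    struct tagged_ptr new_owner = page_assign(&pg, 8); /* page reallocated elsewhere */
    checked_store(new_owner, 0x11, tagging_on);        /* legitimate write */
    *stale_rc = checked_store(slab_obj, 0xFF, tagging_on); /* dangling pointer */
    return pg.data[8];
}

int main(void)
{
    int rc;
    int seen = scenario(0, &rc);
    printf("no tagging: rc=%d new owner sees 0x%02X\n", rc, seen);
    seen = scenario(1, &rc);
    printf("tagging:    rc=%d new owner sees 0x%02X\n", rc, seen);
    return 0;
}
```

Without the tag check the stale store silently overwrites the new owner's data; with it, the store is rejected because the page was retagged when it changed allocators.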