google / security-research

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
https://www.google.com/about/appsecurity/
Apache License 2.0

Add kernelCTF CVE-2024-1085_lts #94

Closed lonialcon2 closed 4 months ago

JordyZomer commented 5 months ago

Hiya!

I've been reviewing your submission and have a few suggestions to improve it a bit!

Genmask States: Could we add a section explaining the different genmask states (nft_is_active vs. nft_is_active_next)? Providing context on why using the incorrect state is problematic would help other readers understand the source of the vulnerability.

Object Caches: It would be helpful to specify which caches the affected objects are stored in. This could further clarify the exploit's impact.

The purpose and type of this code snippet are not immediately clear:

*(uint64_t *)&pad[0x78] = kernel_off + 0xFFFFFFFF83967420;//last type

Could you please elaborate on where this is used within the exploit, why it's necessary, and what the expected data type is?

Thanks for participating in kernelCTF! :)

Cheers,

Jordy

lonialcon2 commented 5 months ago

Hi,

I've added more details to exploit.md and exploit.c. Please check them.

Thanks,

Lonial con