ForAllSecure targeted CSDS running CROMU_00055 in round 20.


Type 1 POV

eip:0x9ab548be - eax:0xcfef145


Execution control corruption via return (return to: 0xbaaaaeb8).

Tracing data from eip: 0x9465fa5 tracing source of memory: 0xbaaaaeb8 (value: 0xbaaaaebc)

0x9465f96 : receive syscall (return)
0x9465fa5: ret // address: 0xbaaaaeb8 value: 0xbaaaaebc

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaebc tracing source of memory: 0xbaaaaebc (value: 0xfff1fabc)

0x9465f96 : receive syscall (return)
0xbaaaaebc: mov esp,0xb7fff1fa // address: 0xbaaaaebc value: 0xfff1fabc

Negotiated general register: eax:0xcfef145

Tracing data from eip: 0xbaaaaec2 tracing source of register: eax (value: 0xcfef145)

0x9465f96 : receive syscall (return)
0xbaaaaec1 : pop eax
0xbaaaaec2: ret // address: eax value: 0xcfef145

Curated by Lunge Technology, LLC.