ForAllSecure targetted CSDS running CROMU_00055 in round 23.

Type 1 POV

eip:0x78031c67 - eax:0x647478af

Execution control corruption via return (return to: 0xbaaaaeb8).

Tracing data from eip: 0x9465fa5 tracing source of memory: 0xbaaaaeb8 (value: 0xbaaaaebc)

0x9465f96 : receive syscall (return)
0x9465fa5: ret // address: 0xbaaaaeb8 value: 0xbaaaaebc

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaebc tracing source of memory: 0xbaaaaebc (value: 0xfff1fabc)

0x9465f96 : receive syscall (return)
0xbaaaaebc: mov esp,0xb7fff1fa // address: 0xbaaaaebc value: 0xfff1fabc

Negotiated general register: eax:0x647478af

Tracing data from eip: 0xbaaaaec2 tracing source of register: eax (value: 0x647478af)

0x9465f96 : receive syscall (return)
0xbaaaaec1 : pop eax
0xbaaaaec2: ret // address: eax value: 0x647478af

Curated by Lunge Technology, LLC. Questions or comments? Send us email