ForAllSecure targetted CSDS running CROMU_00055 in round 9.

Type 1 POV

eip:0xaaa21ec - eax:0x430d01de

Execution control corruption via return (return to: 0xbaaaaeb8).

Tracing data from eip: 0x9465fa5 tracing source of memory: 0xbaaaaeb8 (value: 0xbaaaaebc)

0x9465f96 : receive syscall (return)
0x9465fa5: ret // address: 0xbaaaaeb8 value: 0xbaaaaebc

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaebc tracing source of memory: 0xbaaaaebc (value: 0xfff1fabc)

0x9465f96 : receive syscall (return)
0xbaaaaebc: mov esp,0xb7fff1fa // address: 0xbaaaaebc value: 0xfff1fabc

Negotiated general register: eax:0x430d01de

Tracing data from eip: 0xbaaaaec2 tracing source of register: eax (value: 0x430d01de)

0x9465f96 : receive syscall (return)
0xbaaaaec1 : pop eax
0xbaaaaec2: ret // address: eax value: 0x430d01de

Curated by Lunge Technology, LLC. Questions or comments? Send us email