ForAllSecure targetted CSDS running KPRCA_00065 in round 24.


Type 2 POV

Reading from protected address: 0x4347ca68

0xbaaaaf23 : push dword ptr [0x4347ca68]

Execution control corruption via return (return to: 0xbaaaafa8).

Tracing data from eip: 0x8048e02 tracing source of memory: 0xbaaaafa8 (value: 0xbaaaaf1c)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0x8048e02: ret // address: 0xbaaaafa8 value: 0xbaaaaf1c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf1c tracing source of memory: 0xbaaaaf1c (value: 0xf389f631)

0x804d333 : receive syscall (return)
0x804b2dd : mov dl,byte ptr [ecx+eax]
0x804b2e6 : mov byte ptr [ecx+eax],dl
0xbaaaaf1c: xor esi,esi // address: 0xbaaaaf1c value: 0xf389f631

Curated by Lunge Technology, LLC. Questions or comments? Send us email