Ancestors

Written by Stephen Brennan on 2024-10-12 at 07:46

lol

=> View attached media

=> More informations about this toot | More toots from brenns10@snake.club

Written by Stephen Brennan on 2024-10-12 at 07:48

I'm reading this chapter because it began with this master class of snark that made me say "gosh maybe I don't know all the basics, I'd better not skip it"

=> View attached media

Written by ljs on 2024-10-12 at 07:59

@brenns10 I need to put this in mine

=> More informations about this toot | More toots from ljs@social.kernel.org

Written by Stephen Brennan on 2024-10-12 at 08:01

@ljs you don't want your readers to get too cocky

Written by ljs on 2024-10-12 at 08:04

@brenns10 lol the second they hit the anon VMA stuff all such feeling will disappear and be replaced with despair

Written by Jann Horn on 2024-10-12 at 13:01

@ljs @brenns10 there was a fun anon_vma ->degree confusion bug that was fixed in 2022, where an assumption in vma mergeability checks is broken and you can get an anon page mapped in a VMA which is not connected to the page's anon_vma, and that leads to anon_vma UAF

https://project-zero.issues.chromium.org/issues/42451486

=> More informations about this toot | More toots from jann@infosec.exchange

Written by Vlastimil Babka on 2024-10-12 at 13:17

@jann @ljs @brenns10 my colleague managed to create a livepatch that somehow avoided adding the new fields, and I've reviewed it as that it should be working, but forgot all the details since ;)

=> More informations about this toot | More toots from vbabka@social.kernel.org

Toot

Written by Jann Horn on 2024-10-12 at 13:21

@vbabka @brenns10 @ljs oh yes, this patch was how I learned that security fixes that change struct layouts can be very annoying for people. I didn't know there was a livepatch tho

Proxy Information
Original URL
gemini://mastogem.picasoft.net/thread/113294656200550198