My writeup for @SpamAndHex Secstore kernel pwning challenge. Real curious what the intended solution was for part 2... #SpamAndFlags pwnfirstsear.ch/2020/05/10/spa…
@thatnumbersguy_ @SpamAndHex At first I didn't notice the easy bug and thought the bug was the case when len == 0. If len == 0, the kernel processes nothing, but if there is uninitialized data in a pointer returned from kmalloc(0), the hardware may process it. But it seemed impossible to exploit...