• Jannik2099@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    This is incorrect, the “default value” is a poorly translated example from the german article - this exploit does NOT rely on resetting any SEV-specific memory or similar.

    • pullupsNpushups@alien.topB
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I re-read the article and the original ComputerBase article, and I think I have a better understanding of it now. You can read my update and let me know if I’m still misunderstanding it.

      • Jannik2099@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yes, you understood correctly.

        This is also not a rare occurence, you can programmatically find locations in a binary where un-doing a cached write allows manipulating control flow - there are more examples in the paper.

        You will likely find these locations (called gadgets) in just about every binary - not because all devs are stupid and set the default to the “exploitable” case, but because this is how compiler code generation pans out in the grand scheme of things.