[novitoll]: CVE-2019-2215: TL;DR (eng) **no demo** скачать в хорошем качестве

[novitoll]: CVE-2019-2215: TL;DR (eng) **no demo**

Wildly used Android binder driver exploitation go-through. 00:32 - parts of my original video (December, 2019) 02:58 - impact of this CVE 04:15 - Maddie Stone 05:22 - syzkaller 07:04 - 0-day or 657-day? 09:15 - pre-requisities 09:40 - POC 12:04 - KASAN report 12:55 - use-after-free 15:40 - CONFIG_KASAN=y 16:58 - binder_ioctl() 17:55 - struct binder_thread, shown as Pahole output 20:00 - struct wait_queue_head 22:13 - access_ok() from v4.13 kernel 23:11 - addr_limit 24:54 - why do we need "struct iovec" for exploit? 26:10 - why do we need to leak "struct task_struct"? 27:57 - pics from my original slide where I showed how freed wait_queue_head pointers are used. 29:03 - exploit strategy 30:13 - offsets are crucial 31:10 - Stage 1. go briefly over Maddie Stone's poc.c 40:24 - Stage 2. Override addr_limit Follow me:   / novitoll   https://t.me/novitoll_ch Donate: https://www.donationalerts.com/r/novi...