Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/Azeria/statuses/111053168811826637">Azeria (azeria@mastodon.social)'s status on Wednesday, 13-Sep-2023 09:26:14 JST</a><a href="https://mastodon.social/@Azeria" title="azeria@mastodon.social"><img src="https://gnusocial.jp/avatar/108882-48-20230321192304.webp" width="48" height="48" alt="Azeria" style="position: absolute; left: 0; top: 0;">Azeria</a></section><article><p>Time for an Arm-twist! CVE-2023-4039</p><p>Tom Hebb (Meta red team) and I discovered an 0day in GCC (for AArch64 targets) during my Arm exploitation training.</p><p>It renders stack canaries against overflows of dynamically-sized variables useless. </p><p><a href="https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64" rel="nofollow noreferrer">https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2053176#notice-4029570">In conversation</a><time datetime="2023-09-13T09:26:14+09:00" title="Wednesday, 13-Sep-2023 09:26:14 JST">Wednesday, 13-Sep-2023 09:26:14 JST</time> <span>from <span><a href="https://mastodon.social/@Azeria/111053168811826637" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@Azeria/111053168811826637">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1092262">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/1513910">Untitled attachment</a></label><br><a href="https://files.mastodon.social/media_attachments/files/111/053/168/409/733/941/original/42720e71ca25313e.png" rel="external">https://files.mastodon.social/media_attachments/files/111/053/168/409/733/941/original/42720e71ca25313e.png</a></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64">GCC Stack Protector Vulnerability AArch64</a></h5><div></div></header><div>A potential security issue in the stack-protector feature in GCC when targeting AArch64. Arm has published fixes to the GCC open-source project.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Azeria (azeria@mastodon.social)'s status on Wednesday, 13-Sep-2023 09:26:14 JST Azeria
Time for an Arm-twist! CVE-2023-4039
Tom Hebb (Meta red team) and I discovered an 0day in GCC (for AArch64 targets) during my Arm exploitation training.
It renders stack canaries against overflows of dynamically-sized variables useless.
https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
In conversationWednesday, 13-Sep-2023 09:26:14 JST from mastodon.socialpermalink
Attachments
1. Untitled attachment
2. Untitled attachment
  https://files.mastodon.social/media_attachments/files/111/053/168/409/733/941/original/42720e71ca25313e.png
3. No result found on File_thumbnail lookup.
  GCC Stack Protector Vulnerability AArch64
  A potential security issue in the stack-protector feature in GCC when targeting AArch64. Arm has published fixes to the GCC open-source project.

Public

Embed Notice

HTML Code

Corresponding Notice