google / security-research Goto Github PK

Referencing @taviso post about ZenBleed at https://lock.cmpxchg8b.com/zenbleed.html :

First, thanks for an excellent explanation. I was able to reproduce the problem on an "AMD EPYC 7402P 24-Core" system.

Second, the "chicken bit" mitigation worked on this system under Ubuntu 22.04 LTS, but required these extra steps

apt install msr-tools
modprobe msr 
wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))

Without the modprobe you get a weird error message from the shell when wrmsr tries to
interpret the rdmsr: open: No such file or directory error described in the rdmsr(1)
man page.

I am not sure how valid GHSA-mjmj-j48q-9wg2 really is. In https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in the SnakeYAML author & maintainer disqualified the report and labelled it as "won't fix".

In GHSA-mjmj-j48q-9wg2
you call out that snakeyaml has a vulnerability in version 1.30 and that the vulnerability has been disclosed. You do not however call out any fixes in either artifact versions or commits. The developers don't seem to have added any clearly related commits after your disclosure date and it's left ambiguous to the reader if a fix exists or is planned.

Commit log: https://bitbucket.org/snakeyaml/snakeyaml/commits/

I'm working on "CVE-2023-22098, CVE-2023-22099, CVE-2023-22100", in which I am testing this "CVE-2023-22098" repo and setting up the environment;

however, i'm unable to open the calculator after running "insmod exploit .ko"

Also i've tried :

• change the char calc[] = "/home/a.sh/"; ( where this creates a simple a.txt file) - not working
• Disable ASLR & apparmor - not working
• used demsg - there's no error's demsg.txt

my env: ubuntu 22.04(host machine) >> Vbox 7.0.10v >>ubuntu 20.04(vm)

2. Just wanted to know about other vuln : CVE-2023-22099, CVE-2023-22100

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

Artifacts Found

• pocs/cpus/ret2aslr/src/attacker
• pocs/cpus/ret2aslr/src/victim

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Hey @rcorrea35

I spent a ton of time working with this maintainer and they finally fixed the security vulnerability in version 2.0

Please review the following issue:
https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in

Please update your advisory, and the CVE to reflect this! 😃

on https://github.com/google/security-research/blob/master/kernelctf/rules.md, formatting the rewards amounts to 3 decimal places is just awkward. On that page, I see the following reward amounts:

• $21.337
• $10.000
• $20.000
• $21.000
• $10.500
• $0 to $20.000

This is really confusing, as the separator for whole vs fractional numbers differs by region: https://en.wikipedia.org/wiki/Decimal_separator

For those that are used to using a period "." as a group separator for large numbers, someone could read "$21.337" to mean "twenty-one thousand... dollars". If that is the intent here, I would maybe not use the USD symbol, as most people assume a period "." is used as a decimal separator.

Most people use the hint of only having 2 decimal to know which format you are talking about. If this page is indeed treating "21.337" to mean "21 dollars and 337 cents), I would explicitly state that or change the formatting of these numbers.

Should the title of Amazon: RDSS SQL Server be Amazon: RDS SQL Server (RDS instead of RDSS)?

Hi Team,

Apologies I missed some obvious steps, but I couldn't find how to build the reproducer at:

GHSA-mj4w-6495-6crx

It seems to be missing some function definitions that I couldn't find in the repo, and I wasn't sure if that was on purpose, or if some files need to be included in order for others to play with the reproducer. e.g.:

$ gcc -o victim test.c -O0 -masm=intel -w                 -DVICTIM
test.c:10:10: fatal error: utils.h: No such file or directory
   10 | #include "utils.h"
      |          ^~~~~~~~~
compilation terminated.

Then trying to include another utils.h file from pocs/cpus/ret2aslr/src/utils.h, getting:

$ gcc -o victim test.c -O0 -masm=intel -w                 -DVICTIM
/usr/bin/ld: /tmp/cclLHZ8z.o: in function `poison':
test.c:(.text+0x215): undefined reference to `jitForLoop'
/usr/bin/ld: test.c:(.text+0x2aa): undefined reference to `rdmsr_on_cpu'
/usr/bin/ld: /tmp/cclLHZ8z.o: in function `main':
test.c:(.text+0x443): undefined reference to `SetCoreAffinity'
collect2: error: ld returned 1 exit status

Thanks in advance for your help!