> Mythos Preview identified a memory-corruption vulnerability in a production memory-safe VMM. This vulnerability has not been patched, so we neither name the project nor discuss details of the exploit.

Good morning Sir.

> Has anything changed here? I don't pay much attention but KASLR was considered basically useless for preventing LPE a few years ago.

No. It's still like this. Bonus point that there are always free KASLR leaks (prefetch side-channels).

But then, this thing is just.. I don't have a word for this. Just randomly read paragraphs from the post and it's like, what?

▲

staticassertion 2 hours ago | parent [-]

Oh, that. That's true, I didn't know Mythos found that one. I guess I will not comment further on it until there's a write up (edited out a bit more).

> It is easy to turn this into a denial-of-service attack on the host, and conceivably could be used as part of an exploit chain.

So yeah, perhaps some evidence to what I'm getting at. Bug density is too low in that project, it's high enough in others. I'll be way way way more interested in that.

> But then, this thing is just.. I don't have a word for this. Just randomly read paragraphs from the post and it's like, what?

I read about 30% and got bored. I suppose I should have been clearer, but my impression was pretty quickly "cool" and "not worth reading today".

▲

rfoo 2 hours ago | parent [-]

> I read about 30% and got bored.

I was lucky then :) Somehow I saw this first. And then the "somewhat reliably writing exploits for SpiderMonkey" part, and then the crypto libraries part. Finally I wonder why is there a Linux LPE mini writeup and realized it's the "automatically turn a syzkaller report to a working exploit" part.

Now that I read the first few things (meh bugs in OpenBSD, FFmpeg, FreeBSD etc) they are indeed all pretty boring!

	▲	staticassertion 2 hours ago \| parent [-]
		If people want exploitable syzkaller reports, following spender is free!