On Tue, Jun 30, 2026 at 03:58:41PM +0100, Pedro Falcato wrote:
> On Tue, Jun 30, 2026 at 07:01:48AM -0700, Dave Hansen wrote:
> > On 6/29/26 18:22, Xiang Mei wrote:
> > >> Please don't even try to send a v3 without addressing this.
> > > This is a demo exploiting CVE-2026-31419 with this technique:
> > > https://github.com/google/security-research/pull/397
> >
> > Thanks for sharing that. That's really good info.
> >
> > But what I want to hear a bit more about is why this new guard region is
> > a good, generic mitigation. Does it help mitigate a whole class of
> > vulnerabilities?
>
> I guess, to add to the questions (to Xiang and/or x86 people):
> 1) Aren't initiatives like kCFI/CET/shadow stack supposed to mitigate these
> issues? Is this mitigation supposed to be applied in spite of these features?
> 2) Aren't you screwed by the time the attacker gets kernel remote code
> execution anyway?
Right; so CFI is supposed to eliminate the forward control flow hijacking primitives, and shadow-stack will hobble the backward ones. The whole ENTER thing is really only relevant provided you have a control flow hijack of some sort. Once you do, it makes it easier to build out a ROP chain.

