On Tue, Jun 30, 2026 at 03:58:41PM +0100, Pedro Falcato wrote:
> On Tue, Jun 30, 2026 at 07:01:48AM -0700, Dave Hansen wrote:
> > On 6/29/26 18:22, Xiang Mei wrote:
> > >> Please don't even try to send a v3 without addressing this.
> > > This is a demo exploiting CVE-2026-31419 with this technique:
> > > https://github.com/google/security-research/pull/397
> > 
> > Thanks for sharing that. That's really good info.
> > 
> > But what I want to hear a bit more about is why this new guard region is
> > a good, generic mitigation. Does it help mitigate a whole class of
> > vulnerabilities?
> 
> I guess, to add to the questions (to Xiang and/or x86 people):
> 1) Aren't initiatives like kCFI/CET/shadow stack supposed to mitigate these
> issues? Is this mitigation supposed to be applied in spite of these features?
> 2) Aren't you screwed by the time the attacker gets kernel remote code
> execution anyway?

Right; so CFI is supposed to eliminate the forward control flow
hijacking primitives, and shadow-stack will hobble the backward ones.

The whole ENTER thing is really only relevant provided you have a
control flow hijack of some sort. Once you do, it makes it easier to
build out a ROP chain.
