On Thu, Jan 26, 2017 at 10:52 AM, Andy Lutomirski wrote:
> On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier wrote:
>> Each processor holds a GDT in its per-cpu structure. The sgdt
>> instruction gives the base address of the current GDT. This address can
>> be used to bypass KASLR memory randomiza
On Thu, Jan 26, 2017 at 8:59 AM, Thomas Garnier wrote:
> Each processor holds a GDT in its per-cpu structure. The sgdt
> instruction gives the base address of the current GDT. This address can
> be used to bypass KASLR memory randomization. With another bug, an
> attacker could target other per-cp
