Christos Zoulas wrote:
> Well, it is using jit to load exploit code to the kernel, but how will
> he jump to it? In the description he is using a module that lets you jump
> to any location. If you have that, you can do whatever you want anyway...

They might spot a use-after-free bug and reuse freed memory for a bpf_d object which has a pointer to jit code.

Alex
