GeistHaus

Faulty Stack Smashing Protection on ARM Systems

blog.inhq.net

I discovered during the analysis of the CVE-2021-31616 vulnerability that the stack canary logic in the KeepKey firmware was broken and could be bypassed to perform practical stack smashing attacks. Further investigation revealed that the incorrect stack protection assembler code is produced through a bug in certain GCC 9 and GCC 10 compiler versions for ARM, where it has been present for about a year. This problem has the potential to affect a wide range of ARM-based embedded systems.

1 page links to this URL
Responses to the Commentariat on the -Werror Article - Embedded Artistry

27 October 2023 by Phillip Johnston. The article that has generated the most angry and aggressive comments over the years, usually via email but also occasionally as comments on places like Hacker News, is -Werror is Not Your Friend. I’ve updated that article several times over the past 6 years to address some of the common …
