<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ntoskrnl.exe on PixiePoint Security</title><link>https://totewaffler-5195.pages.dev/tags/ntoskrnl.exe/</link><description>Recent content in Ntoskrnl.exe on PixiePoint Security</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 30 Aug 2021 00:00:00 +0000</lastBuildDate><atom:link href="https://totewaffler-5195.pages.dev/tags/ntoskrnl.exe/index.xml" rel="self" type="application/rss+xml"/><item><title>Event Tracing for Windows (ETW) `TimerCallbackContext` Object Use-After-Free Vulnerability</title><link>https://totewaffler-5195.pages.dev/blog/0day-cve-2021-34486/</link><pubDate>Mon, 30 Aug 2021 00:00:00 +0000</pubDate><guid>https://totewaffler-5195.pages.dev/blog/0day-cve-2021-34486/</guid><description>&lt;p>The Event Tracing for Windows (ETW) mechanism allows the logging of kernel or application-defined events for debugging purposes. Developers are able to start and stop event tracing sessions, instrument an application to provide trace events, and consume trace events by calling the ETW set of user-mode Windows APIs. These calls eventually result in corresponding syscall requests to the kernel (ntoskrnl.exe), which performs the requested functionality.&lt;/p>
&lt;p>In the ETW request to update periodic capture state, under specific conditions, there exists a use-after-free vulnerability whereby an attacker is able to controllably allocate a 0x30-byte buffer, free it and subsequently reuse this buffer to execute arbitrary code.&lt;/p></description></item></channel></rss>