Seth Jenkins

@jenkins@infosec.exchange
Security Researcher | Google Project Zero
My new Project Zero blog post, Driving Forward in Android Drivers is live! 🥳
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
Driving forward in Android drivers

Posted by Seth Jenkins, Google Project Zero Introduction Android's open-source ecosystem has led to an incredible diversity of manufactu...

a char pointer

introduction to virtual memory layout, chaotic style:

On so-called 64-bit platforms, unlike on 32-bit platforms, by convention the kernel is placed in virtual memory directly before userspace memory. Negative addresses refer to kernel memory, positive addresses refer to userspace memory. For example, on x86-64 Linux without KASLR, the kernel text mapping is at -0x80000000. When hardware capabilities expand to accommodate larger virtual addresses, the address space grows in both directions.
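The signed-address view above, worked through in code as an added example (not part of the post): interpreting a 64-bit address as a two's-complement integer, then classifying it as user, kernel or non-canonical for both 48-bit (4-level paging) and 57-bit (5-level paging) x86-64 address spaces, which shows the layout growing in both directions. The canonical-address ranges are assumed from the x86-64 architecture rules, not taken from the post.

```python
# Added example: the signed convention for 64-bit virtual addresses.
# Assumption: x86-64 canonical addresses, where the top (64 - va_bits + 1)
# bits must all equal bit (va_bits - 1); anything else is non-canonical.

MASK64 = (1 << 64) - 1


def to_signed64(addr: int) -> int:
    """Interpret a 64-bit address as a two's-complement signed integer."""
    addr &= MASK64
    return addr - (1 << 64) if addr >> 63 else addr


def canonical_ranges(va_bits: int) -> dict:
    """Signed [low, high] ranges for userspace and kernel at a given VA width.

    Userspace is the non-negative half [0, 2**(va_bits-1) - 1], the kernel is
    the negative half [-2**(va_bits-1), -1]; widening va_bits extends both.
    """
    half = 1 << (va_bits - 1)
    return {"user": (0, half - 1), "kernel": (-half, -1)}


def classify(addr: int, va_bits: int = 48) -> str:
    """Return 'user', 'kernel' or 'non-canonical' for a raw 64-bit address."""
    s = to_signed64(addr)
    for region, (low, high) in canonical_ranges(va_bits).items():
        if low <= s <= high:
            return region
    return "non-canonical"


# From the post: x86-64 kernel text without KASLR sits at -0x80000000,
# i.e. 0xffffffff80000000 as an unsigned 64-bit value.
KERNEL_TEXT_NO_KASLR = 0xFFFFFFFF80000000


def demo() -> None:
    samples = [KERNEL_TEXT_NO_KASLR, 0x00007FFFFFFFE000, 0x0000800000000000]
    for addr in samples:
        print(f"{addr:#018x} signed={to_signed64(addr):#x} "
              f"48-bit={classify(addr, 48)} 57-bit={classify(addr, 57)}")


if __name__ == "__main__":
    demo()
```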

Blog post #2 is now live! Turns out some null-derefs (or other oopses) in the Linux kernel can still be exploitable.
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
Exploiting null-dereferences in the Linux kernel

Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when...

Seth Jenkins (@jenkins) wrote a blog post on a new kernel exploitation technique for exploiting a temporary-increment-at-controlled-address bug without an infoleak: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
Exploiting CVE-2022-42703 - Bringing back the stack attack

Seth Jenkins, Project Zero This blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - Fixed 5 September 2022), a bug Jann Horn ...

Looks like KPTI isn't being very "helpful" to mitigate prefetch attacks after all.
https://www.willsroot.io/2022/12/entrybleed.html

Also for those interested, the PoC code for both the prefetch technique and the CEA stack attack can be found here:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2351
Cool work!

EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)

A blog about pentesting, CTFs, and security

I'm on Mastodon! Here's my latest blog post for those of you who haven't gotten it from my colleague @jann :)
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html?m=1