|
|
|
|
|
|
by MertsA
3083 days ago
|
|
|
To elaborate on this, the write to the array isn't what's being read here. array[value_of_kernel_memory_byte] = 1; This assignment gets rolled back like it's supposed to. It's when reading the array after the rollback that the exploit measures that a read to array[value_of_kernel_memory_byte] is faster than the rest because that index is already in the cache. |
|
|