Patch diffing CVE-2022–21907

Only a few changed functions
UlpFreeFastTracker Unpatched (on the left) And patched on the right
memset is added
additional memset of 0
memset 0 on 290 byte buffer at rax
There is a call to UlpFreeFastTracker from UlfastSendHttpResponse
Direct path into UlpAllocateFastTracker
This looks promising

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chris Hernandez

Chris Hernandez

Red Teamer — Security Researcher — Breaking things is fun, except when its not