{"title":"Through the Window: On the exploitability of Xtensa's Register Window Overflow","authors":"Kai Lehniger, P. Langendörfer","doi":"10.1109/ITNAC55475.2022.9998407","DOIUrl":null,"url":null,"abstract":"While the name Xtensa is still mostly unknown to the public, the architecture plays a big role in the field of Internet of Things (IoT), be it in the form of custom designs or broadly used microcontrollers such as the ESP32 used inside millions of devices. This paper describes a newly discovered vulnerability that uses the window overflow exception handlers of an Xtensa LX processor to leak and manipulate data. To show its severity, an exploit is demonstrated that allows to disable Stack Canaries, a common protection against stack buffer overflows. Requirements and potential possibilities to escalate the vulnerability, including code-reuse attacks to completely compromise the attacked device. Finally, a countermeasure is introduced with a <0.5% runtime overhead in our worst-case scenario.","PeriodicalId":205731,"journal":{"name":"2022 32nd International Telecommunication Networks and Applications Conference (ITNAC)","volume":"113 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 32nd International Telecommunication Networks and Applications Conference (ITNAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITNAC55475.2022.9998407","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
While the name Xtensa is still mostly unknown to the public, the architecture plays a big role in the field of Internet of Things (IoT), be it in the form of custom designs or broadly used microcontrollers such as the ESP32 used inside millions of devices. This paper describes a newly discovered vulnerability that uses the window overflow exception handlers of an Xtensa LX processor to leak and manipulate data. To show its severity, an exploit is demonstrated that allows to disable Stack Canaries, a common protection against stack buffer overflows. Requirements and potential possibilities to escalate the vulnerability, including code-reuse attacks to completely compromise the attacked device. Finally, a countermeasure is introduced with a <0.5% runtime overhead in our worst-case scenario.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
