The 2017 Pwnie Nominee For Best Client-Side Bug

Compromising Linux using SNES Sony SPC700 Processor Opcodes

Credit: Chris Evans

In a follow-up to his work on compromising Linux through NES emulator 6502 opcodes, Chris Evans explores and exploits a subtle emulation error in GStreamer's Super Nintendo audio coprocessor emulator, leading to 100% reliable drive-by attacks against Fedora 25 and Google Chrome. In addition to GStreamer on Fedora, the primitives supported by these vulnerabilities allow for reliable exploitation of the gnome-video-thumbnailer and totem applications on Ubuntu Linux. Is it finally the year of the Linux Desktop 0-day?

Compromising Linux using SNES Sony SPC700 Processor Opcodes

(CESA-2016-0012 & CESA-2016-0013)