I combined DEVCORE's CVE-2024-35250 with the CVE-2024-30084 double fetch bug and the Cloud Filter memory trap technique by @tiraniddo to achieve reliable LPE without device requirements on Win10 VMs.
Fun fact: the #Ghidra API is quite consistent in naming methods according to the data types they accept/return, but HighVariables are returned from Varnodes via getHigh()
To prevent further frustration from forgotten tricks I brain dumped the less-than-obvious stuff that I can remember from #Ghidra development in my brand new Ghidra Dev Cheat Sheet:
Unfortunately the reel-to-reel museum at Keszthely, #Hungary was closed, but the TV&radio&turntable museum was open. The traditional decorations on and around the items were especially cool!