A code-reuse attack named Coroutine Frame-Oriented Programming (CFOP) is capable of exploiting C++ coroutines across three major compilers, namely Clang/LLVM, GCC and MSVC.
If I understand aright, the concern here is that if one finds some form of way to corrupt memory, then one could use that to corrupt memory in the program to cause the program to jump to some other code used in a coroutine in much the same way that a buffer overflow in code modifying a variable stored on the stack could permit an attacker one to overwrite a return address on a stack to jump to arbitrary code.
It seems like the more interesting thing is bypassing CFI protections by abusing coroutines to jump around instead of inserting jumps to other functions.
If I understand aright, the concern here is that if one finds some form of way to corrupt memory, then one could use that to corrupt memory in the program to cause the program to jump to some other code used in a coroutine in much the same way that a buffer overflow in code modifying a variable stored on the stack could permit an attacker one to overwrite a return address on a stack to jump to arbitrary code.
It seems like the more interesting thing is bypassing CFI protections by abusing coroutines to jump around instead of inserting jumps to other functions.