
Exploiting null-dereferences in the Linux kernel (Project Zero)

source link: https://lwn.net/Articles/920544/


[Posted January 19, 2023 by corbet]
A Google Project Zero blog post shows how to compromise the kernel by using a NULL-pointer dereference to force an oops over and over: each oops kills the faulting task without releasing the reference it had taken, so repeating it often enough overflows the reference count.
Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However with the introduction of modern exploit mitigations such as SMEP and SMAP, as well as mmap_min_addr preventing unprivileged programs from mmap’ing low addresses, null-deref bugs are generally not considered a security issue in modern kernel versions. This blog post provides an exploit technique demonstrating that treating these bugs as universally innocuous often leads to faulty evaluations of their relevance to security.

This is the sort of vulnerability that the oops-limit patch is meant to block.
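To make the arithmetic behind that sentence concrete, the following user-space C model (an added example, not code from the Project Zero post or from the kernel) plays out the primitive: a request takes a reference and then dereferences NULL, the "oops" kills the task before the release runs, and the leaked reference accumulates on a plain 32-bit counter until it wraps to zero, at which point one ordinary get/put pair by an unrelated user frees the object out from under its legitimate holder. The same model carries an oops counter standing in for the oops-limit patch. The object layout, the non-saturating counter, the limit of 10000 and every function name are assumptions of the model rather than anything taken from the page.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEFAULT_OOPS_LIMIT 10000ULL   /* value assumed for this model */

/* A kernel object with a plain 32-bit counter (atomic_t style): it
 * wraps silently instead of saturating the way refcount_t does. */
struct object {
    uint32_t refs;
    bool freed;
};

struct kernel_state {
    uint64_t oopses;      /* oopses taken since boot */
    uint64_t oops_limit;  /* 0 = no limit, i.e. a kernel without the patch */
    bool panicked;
};

struct attack_result {
    uint64_t oopses;        /* how many oopses the kernel survived */
    uint32_t refs_after;    /* counter value when the storm stopped */
    bool panicked;          /* the oops limit turned the attack into a DoS */
    bool use_after_free;    /* object freed while the holder still uses it */
};

static void obj_get(struct object *o) { o->refs++; }

static void obj_put(struct object *o)
{
    if (--o->refs == 0)
        o->freed = true;     /* stands in for kfree() */
}

/* Leaked references needed to wrap a counter currently at `refs` to zero. */
uint64_t leaks_to_wrap(uint32_t refs)
{
    return (1ULL << 32) - refs;
}

/* One request: take a reference, then dereference NULL. The oops kills the
 * task without unwinding, so obj_put() is never reached and the reference
 * leaks. Returns false when the oops-limit check panics instead. */
static bool request_that_oopses(struct kernel_state *k, struct object *o)
{
    obj_get(o);
    k->oopses++;                      /* the NULL dereference happens here */
    if (k->oops_limit && k->oopses > k->oops_limit) {
        k->panicked = true;
        return false;
    }
    return true;
}

/* Issue n oopsing requests. With a limit the loop stops within limit+1
 * calls; without one n is ~2^32, so the identical leaks are folded into
 * arithmetic (refs wraps modulo 2^32), which the kernel would reach one
 * oops at a time. Returns the number of oopses actually taken. */
static uint64_t oops_storm(struct kernel_state *k, struct object *o, uint64_t n)
{
    if (!k->oops_limit) {
        o->refs += (uint32_t)n;       /* n mod 2^32, same as n increments */
        k->oopses += n;
        return n;
    }
    uint64_t taken = 0;
    while (taken < n) {
        taken++;
        if (!request_that_oopses(k, o))
            break;
    }
    return taken;
}

/* Whole scenario: one legitimate holder, an oops storm sized to wrap the
 * counter, then an unrelated get/put pair by a well-behaved user. */
struct attack_result run_attack(uint64_t oops_limit)
{
    struct object obj = { .refs = 1, .freed = false };
    struct kernel_state k = { .oopses = 0, .oops_limit = oops_limit, .panicked = false };
    struct attack_result r = { 0 };

    oops_storm(&k, &obj, leaks_to_wrap(obj.refs));
    r.refs_after = obj.refs;
    if (!k.panicked) {       /* a panicked kernel runs nothing further */
        obj_get(&obj);
        obj_put(&obj);       /* sees 1 -> 0 after the wrap and frees */
    }
    r.oopses = k.oopses;
    r.panicked = k.panicked;
    r.use_after_free = obj.freed;   /* the original holder never released it */
    return r;
}

bool attack_yields_uaf(uint64_t oops_limit) { return run_attack(oops_limit).use_after_free; }
bool attack_panics(uint64_t oops_limit)     { return run_attack(oops_limit).panicked; }
uint64_t attack_oopses(uint64_t oops_limit) { return run_attack(oops_limit).oopses; }

int main(void)
{
    struct attack_result a = run_attack(0);
    struct attack_result b = run_attack(DEFAULT_OOPS_LIMIT);
    printf("no limit: oopses=%" PRIu64 " refs=%" PRIu32 " uaf=%d panic=%d\n",
           a.oopses, a.refs_after, a.use_after_free, a.panicked);
    printf("limit=%" PRIu64 ": oopses=%" PRIu64 " refs=%" PRIu32 " uaf=%d panic=%d\n",
           (uint64_t)DEFAULT_OOPS_LIMIT, b.oopses, b.refs_after, b.use_after_free, b.panicked);
    return 0;
}
```

Two things the model makes visible. Without a limit the attacker needs 2^32 - 1 oopses, which is a lot of noise in the kernel log but nothing stops it, and the object is freed while its first user still holds a pointer, the classic use-after-free setup. With a limit the storm is cut off at limit + 1 oopses, far short of the wrap, so the outcome is a panic (a denial of service) rather than a dangling pointer; that trade is exactly what the oops-limit patch accepts. The model's counter wraps on purpose: the kernel's refcount_t saturates instead of wrapping, so the technique depends on finding a counter that does not use it.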



Copyright © 2023, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds

