Overview
Explore a comprehensive analysis of exploitable Linux kernel vulnerabilities from 2017 to 2019 in this 44-minute conference talk by Intel's Tong Lin and Luhai Chen. Delve into basic Linux kernel privilege escalation techniques, what they do and how adversaries use them. Examine selected typical exploitable vulnerabilities through in-depth analysis, showcasing complete exploit chains that include gaining kernel arbitrary read/write access and bypassing existing mitigations. Learn about Linux distribution families, the top Common Weakness Enumeration (CWE) categories in the Linux kernel, and representative kernel vulnerabilities. Gain insights into Linux privilege escalation, the common Local Privilege Escalation (LPE) flow, and how execution flow is controlled. Discover specific vulnerability types, arbitrary memory write techniques, and the role of the address limit (addr limit) in gaining root privileges. Explore an eBPF verifier bypass vulnerability (contrasting the verifier's simulated execution with the code that actually runs), a conventional Use-After-Free (UAF) exploit chain, and a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the pipe subsystem. Understand how list operations combine with pipe heap spraying in exploits, and review case summaries to reinforce your understanding of Linux kernel security challenges and mitigation techniques.
Syllabus
Intro
Linux distribution families
Top 6 CWE in Linux kernel
Representative kernel vulnerabilities
Linux privilege escalation
Common LPE flow
Control execution flow
For specific vulnerability types
Get arbitrary memory write
What is addr limit?
Gain root privilege
eBPF verifier bypass vulnerability
Verifier simulation execution
Actual code running
Conventional UAF exploit chain
TOCTOU & pipe subsystem
Combine list operation with pipe heap spray
Case summary
Conclusion
Taught by
Linux Foundation