Overview
Explore the intricacies of exploiting a Use-After-Free vulnerability in the Android kernel through a comprehensive conference talk from the Hack In The Box Security Conference. Delve into the discovery and analysis of CVE-2021-0399, a 10-year-old vulnerability in the xt_qtaguid kernel module used for monitoring network socket status. Learn about the history of vulnerabilities in this module and various exploitation techniques, with a focus on circumventing CONFIG_ARM64_UAO using the ret2bpf method. Witness a video demonstration of local privilege escalation on a Mi9 device running the latest version of Android Pie with modern kernel protections. Gain insights into additional mitigations in current Android versions, Google's knowledge of the vulnerability, and their methods for statically and dynamically detecting Android exploit samples, including the use of eBPF. Benefit from the expertise of presenters Xingyu Jin and Richard Neal, experienced security engineers from Google's Android Security team, as they share their knowledge on Android kernel exploit analysis, detection, and malware research.
Syllabus
#HITB2021SIN D1T1 - Exploiting UAF By Ret2bpf In Android Kernel - Xingyu Jin & Richard Neal
Taught by
Hack In The Box Security Conference