Kernel: SLUBStick Realities (Not Quite as Bad as Media Put It)
-
USENIX ☛ SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel | USENIX
While the number of vulnerabilities in the Linux kernel has increased significantly in recent years, most have limited capabilities, such as corrupting a few bytes in restricted allocator caches. To elevate their capabilities, security researchers have proposed software cross-cache attacks, exploiting the memory reuse of the kernel allocator. However, such cross-cache attacks are impractical due to their low success rate of only 40%, with failure scenarios often resulting in a system crash.
-
Tom's Hardware ☛ New Linux kernel attack slips past modern defenses — SLUBStick boasts a 99% success rate
For SLUBStick to work, attackers need local access to the attacked Linux system. The attack also requires the presence of a heap vulnerability in the Linux kernel, which has been found in both the 5.19 Linux kernel and the 6.2 kernel.
-
CSO ☛ New Linux kernel cross-cache attack allows arbitrary memory writes | CSO Online
Researchers from the Graz University of Technology have discovered a way to convert a limited heap vulnerability in the Linux kernel into a malicious memory-write capability to demonstrate novel software cross-cache attacks.
While such vulnerabilities are known to be restricted in capabilities, allowing the corruption of only a few bytes in restricted allocator caches, the researchers exploited the memory reuse of the kernel allocator with a timing side-channel to improve their chances.
-
[Old] Daniel López Azaña ☛ Differences between ASLR, KASLR and KARL
Following the release of the Linux Kernel 4.12, which for the first time brings the KASLR feature enabled by default, and almost simultaneously the announcement of a feature called KARL in OpenBSD, I found it interesting to clarify the differences between these security techniques, since I think that the combination of both will be very important in the future of system security, as they will prevent the exploitation of vulnerabilities related to memory corruption (buffer overflows).