• New attack against the SLUB allocator

    From LWN.net@1337:1/100 to All on Friday, August 09, 2024 16:15:05
    New attack against the SLUB allocator

    Date:
    Fri, 09 Aug 2024 15:08:27 +0000

    Description:
    Researchers from Graz University of Technology have published details of a
    new attack
    on the Linux kernel called SLUBstack. The attack uses timing information to turn an ability to trigger use-after-free or double-free bugs into the
    ability to overwrite page tables, and thence into the ability to read and write arbitrary areas of memory. The good news is that this attack does require an existing bug to be usable; the bad news is that the kernel regularly sees bugs of this kind. We assume that an unprivileged user has
    code execution.
    Additionally, we consider the presence of a heap vulnerability
    in the Linux kernel. We assume that the Linux kernel
    incorporates all defense mechanisms available in version 6.4, the
    most recent Linux kernel version when we started our work.
    These mechanisms include features such as WX, KASLR,
    SMAP, and kCFI. We do not assume any microarchitectural
    vulnerabilities, e.g., transient execution, fault
    injection, or hardware side channels.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/984984/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)