
A Guide to Kernel Exploitation by Massimiliano Oldani, Enrico Perla

Chapter 2 A Taxonomy of Kernel Vulnerabilities

Information in this Chapter

  • Uninitialized/Nonvalidated/Corrupted Pointer Dereference

  • Memory Corruption Vulnerabilities

  • Integer Issues

  • Race Conditions

  • Logic Bugs (a.k.a. the Bug Grab Bag)

Introduction

Software has bugs. A bug is a malfunction in a program that makes the program produce incorrect results, behave in an undesired way, or simply crash/terminate unexpectedly. In most cases, bugs are the result of programming errors, as is the case in the following snippet of code taken from the 2.6.9 version of the Linux Kernel:

    static int bluez_sock_create(struct socket *sock, int proto)
    {
            if (proto >= BLUEZ_MAX_PROTO)
                    return -EINVAL;
            […]
            return bluez_proto[proto]->create(sock,proto); ...
