Chapter 2 A Taxonomy of Kernel Vulnerabilities

Information in this Chapter

  • Uninitialized/Nonvalidated/Corrupted Pointer Dereference

  • Memory Corruption Vulnerabilities

  • Integer Issues

  • Race Conditions

  • Logic Bugs (a.k.a. the Bug Grab Bag)

Introduction

Software has bugs. A bug is a malfunction in a program that makes the program produce incorrect results, behave in an undesired way, or simply crash/terminate unexpectedly. In most cases, bugs are the result of programming errors, as is the case in the following snippet of code taken from the 2.6.9 version of the Linux Kernel:

    static int bluez_sock_create(struct socket *sock, int proto)
    {
        if (proto >= BLUEZ_MAX_PROTO)
            return -EINVAL;
        […]
        return bluez_proto[proto]->create(sock, proto);
    ...
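The defect visible in the snippet is that proto is a signed int and only its upper bound is tested, so a negative value passes the check and indexes before the start of bluez_proto. The following added example (not from the book or the Linux kernel; MAX_PROTO, proto_table and the function names are constructed stand-ins) puts the weak check beside a hardened one that rejects both ends of the range and dispatches only after it.

```c
#include <stdio.h>
#include <stdbool.h>

/* Constructed stand-in for the kernel's protocol table (hypothetical names). */
#define MAX_PROTO 4

typedef int (*create_fn)(int proto);

static int create_stub(int proto) { return proto; }

static create_fn proto_table[MAX_PROTO] = {
    create_stub, create_stub, create_stub, create_stub,
};

/* The check as written in the book's snippet: only an upper bound is tested
 * on a signed value, so a negative proto slips through and would index memory
 * before the start of the table. Returns true if the index would be used. */
bool weak_check_accepts(int proto)
{
    if (proto >= MAX_PROTO)
        return false;          /* the original's -EINVAL path */
    return true;               /* proto_table[proto] would be dereferenced */
}

/* Hardened form: reject both ends of the range. Comparing as unsigned folds
 * the negative case into the "too large" case with a single test. */
bool fixed_check_accepts(int proto)
{
    return (unsigned int)proto < MAX_PROTO;
}

/* Dispatch through the table only after the hardened check; returns -1 for a
 * rejected index so a bad value never reaches the array. */
int safe_create(int proto)
{
    if (!fixed_check_accepts(proto))
        return -1;
    return proto_table[proto](proto);
}

int main(void)
{
    int probes[] = { -1, 0, MAX_PROTO - 1, MAX_PROTO, 100 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("proto %4d: weak check %s, fixed check %s\n", probes[i],
               weak_check_accepts(probes[i]) ? "accepts" : "rejects",
               fixed_check_accepts(probes[i]) ? "accepts" : "rejects");
    return 0;
}
```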
