|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-12-02 15:21:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Popov: Linux kernel heap quarantine versus use-after-free exploits
Alenxander Popov describes
his kernel heap-quarantine patches designed to protect the system
against use-after-free vulnerabilities. "In July 2020, I got an idea of how to break this heap spraying technique for UAF exploitation. In August I found some time to try it out. I extracted the slab freelist quarantine from KASAN functionality and called it SLAB_QUARANTINE.
If this feature is enabled, freed allocations are stored in the quarantine queue, where they wait to be actually freed. So there should be no way for them to be instantly reallocated and overwritten by UAF exploits."
Alenxander Popov describes
his kernel heap-quarantine patches designed to protect the system
against use-after-free vulnerabilities. "In July 2020, I got an idea of how to break this heap spraying technique for UAF exploitation. In August I found some time to try it out. I extracted the slab freelist quarantine from KASAN functionality and called it SLAB_QUARANTINE.
If this feature is enabled, freed allocations are stored in the quarantine queue, where they wait to be actually freed. So there should be no way for them to be instantly reallocated and overwritten by UAF exploits."
