Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit

Presented at Still Hacking Anyway (SHA2017), Aug. 7, 2017, 5:55 p.m. (60 minutes).

CVE-2017-2636 is a 7-year old race condition in the Linux kernel that was fixed by Alexander Popov in March, 2017. This vulnerability affected all major Linux distributions. It can be exploited to gain a local privilege escalation. In this presentation Alexander will describe the PoC exploit for CVE-2017-2636. He will explain the effective method of hitting the race condition and show the following exploitation techniques: turning double-free into use-after-free, heap spraying and stabilization, SMEP bypass. #DeviceSecurity

Presenters:

  • Alexander Popov
    I'm a Linux kernel developer. I work at Positive Technologies (https://www.ptsecurity.com/) and specialize in Linux kernel security. 20 of my patches are applied to the Linux kernel mainline. Most important commits: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1a4bb93f795502e7e8350d4af1aa5909f15ffc28 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=63da8e0d4f274fdf73b9924e8fd8f64a3d11d24a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b The latter is the fix for CVE-2017-2636 in the Linux kernel (https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2636), which I would like to speak about. My open source developer profile: https://www.openhub.net/accounts/a13xp0p0v Speaker experience: - PHDays VI (short track, in Russian): http://2016.phdays.com/program/49625/ - LinuxCon Japan 2016 (in English): http://events.linuxfoundation.org/sites/events/files/slides/Alexander_Popov-KASan_in_a_Bare-Metal_Hypervisor_0.pdf

Links:

Similar Presentations: