Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit

Presented at Still Hacking Anyway (SHA2017), Aug. 7, 2017, 5:55 p.m. (60 minutes)

CVE-2017-2636 is a 7-year-old race condition in the Linux kernel that was fixed by Alexander Popov in March 2017. This vulnerability affected all major Linux distributions. It can be exploited to gain local privilege escalation. In this presentation Alexander will describe the PoC exploit for CVE-2017-2636. He will explain the effective method of hitting the race condition and show the following exploitation techniques: turning a double-free into a use-after-free, heap spraying and stabilization, and SMEP bypass. #DeviceSecurity

Presenters:

  • Alexander Popov
    I'm a Linux kernel developer. I work at Positive Technologies (https://www.ptsecurity.com/) and specialize in Linux kernel security. 20 of my patches are applied to the Linux kernel mainline.

    Most important commits:
    - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1a4bb93f795502e7e8350d4af1aa5909f15ffc28
    - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=63da8e0d4f274fdf73b9924e8fd8f64a3d11d24a
    - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b

    The latter is the fix for CVE-2017-2636 in the Linux kernel (https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2636), which I would like to speak about.

    My open source developer profile: https://www.openhub.net/accounts/a13xp0p0v

    Speaker experience:
    - PHDays VI (short track, in Russian): http://2016.phdays.com/program/49625/
    - LinuxCon Japan 2016 (in English): http://events.linuxfoundation.org/sites/events/files/slides/Alexander_Popov-KASan_in_a_Bare-Metal_Hypervisor_0.pdf
