Chapter 2 A Taxonomy of Kernel Vulnerabilities
Information in this Chapter
-
Uninitialized/Nonvalidated/Corrupted Pointer Dereference
-
Memory Corruption Vulnerabilities
-
Integer Issues
-
Race Conditions
-
Logic Bugs (a.k.a. the Bug Grab Bag)
Introduction
Software has bugs. A bug is a malfunction in a program that makes the program produce incorrect results, behave in an undesired way, or simply crash/terminate unexpectedly. In most cases, bugs are the result of programming errors, as is the case in the following snippet of code taken from the 2.6.9 version of the Linux Kernel:
static int bluez_sock_create(struct socket *sock, int proto)
{
if (proto >= BLUEZ_MAX_PROTO)
return –EINVAL;
[…]
return bluez_proto[proto]->create(sock,proto); ...
Get A Guide to Kernel Exploitation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.