Understanding Linux kernel vulnerabilities

被引:4
|
作者
Shameli-Sendi, Alireza [1 ]
机构
[1] Shahid Beheshti Univ SBU, Fac Comp Sci & Engn, Tehran, Iran
来源
JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES | 2021年 / 17卷 / 04期
关键词
Software security; Linux kernel vulnerability; Vulnerability taxonomies; TAXONOMY;
D O I
10.1007/s11416-021-00379-x
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Protecting the Linux kernel from malicious activities is of paramount importance. Several approaches have been proposed to analyze kernel-level vulnerabilities. Existing studies, however, have a strong focus on the attack type (e.g., buffer overflow). In this paper, we report on our analysis of 1,858 Linux kernel vulnerabilities covering a period of Jan 2010-Jan 2020. We classify these vulnerabilities from the attacker's view using various criteria such as the attacker's objective, the targeted subsystems of the kernel, the location from which vulnerabilities can be exploited (i.e., locally or remotely), the impact of the attack on confidentiality, system integrity and availability, and the complexity level associated with exploiting vulnerabilities. Our findings indicate the presence of a large number of low-complexity vulnerabilities. Most of them can be exploited from the local system, leading to attacks that can severely compromise the kernel quality of service, and allow attackers to gain privileged access
引用
收藏
页码:265 / 278
页数:14
相关论文
共 50 条
  • [1] Understanding Linux kernel vulnerabilities
    Alireza Shameli-Sendi
    Journal of Computer Virology and Hacking Techniques, 2021, 17 : 265 - 278
  • [2] An Empirical Analysis of Vulnerabilities in OpenSSL and the Linux Kernel
    Jimenez, Matthieu
    Papadakis, Mike
    Le Traon, Yves
    2016 23RD ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2016), 2016, : 105 - 112
  • [3] KERNJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
    Ruan, Bonan
    Liu, Jiahao
    Zhang, Chuqi
    Liang, Zhenkai
    PROCEEDINGS OF 27TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2024, 2024, : 384 - 402
  • [4] Understanding and isolating the noise in the Linux kernel
    Akkan, Hakan
    Lang, Michael
    Liebrock, Lorie
    INTERNATIONAL JOURNAL OF HIGH PERFORMANCE COMPUTING APPLICATIONS, 2013, 27 (02): : 136 - 146
  • [5] SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
    Chen, Yueqi
    Xing, Xinyu
    PROCEEDINGS OF THE 2019 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (CCS'19), 2019, : 1707 - 1722
  • [6] A Methodology for finding Source-level Vulnerabilities of the Linux Kernel Variables
    Kim, Jaekwang
    Lee, Jee-Hyong
    2008 IEEE INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS, VOLS 1-8, 2008, : 3717 - 3722
  • [7] Understanding Vulnerability Inducing Commits of the Linux Kernel
    Jiang, Muhui
    Jiang, Jinan
    Wu, Tao
    Ma, Zuchao
    Luo, Xiapu
    Zhou, Yajin
    ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2024, 33 (07)
  • [8] Hardening the Core: Understanding and Detection of XNU Kernel Vulnerabilities
    Liu, Xianyu
    Zheng, Min
    Pan, Aimin
    Lu, Quan
    2018 48TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS WORKSHOPS (DSN-W), 2018, : 10 - 13
  • [9] Characteristic classification and correlation analysis of source-level vulnerabilities in the Linux kernel
    Ko, K
    Jang, I
    Kang, YH
    Lee, J
    Eom, YI
    COMPUTATIONAL INTELLIGENCE AND SECURITY, PT 2, PROCEEDINGS, 2005, 3802 : 1149 - 1156
  • [10] AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities
    Jiang, Zheyue
    Zhang, Yuan
    Xu, Jun
    Sun, Xinqian
    Liu, Zhuang
    Yang, Min
    2023 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, SP, 2023, : 2122 - 2137
12345