Understanding Linux kernel vulnerabilities

Protecting the Linux kernel from malicious activities is of paramount importance. Several approaches have been proposed to analyze kernel-level vulnerabilities. Existing studies, however, have a strong focus on the attack type (e.g., buffer overflow). In this paper, we report on our analysis of 1,858 Linux kernel vulnerabilities covering a period of Jan 2010-Jan 2020. We classify these vulnerabilities from the attacker's view using various criteria such as the attacker's objective, the targeted subsystems of the kernel, the location from which vulnerabilities can be exploited (i.e., locally or remotely), the impact of the attack on confidentiality, system integrity and availability, and the complexity level associated with exploiting vulnerabilities. Our findings indicate the presence of a large number of low-complexity vulnerabilities. Most of them can be exploited from the local system, leading to attacks that can severely compromise the kernel quality of service, and allow attackers to gain privileged access