CVE-2007-4573: The Anatomy of a Kernel Exploit

from blog Posts on Made of Bugs, | ↗ original
CVE-2007-4573 is two years old at this point, but it remains one of my favorite vulnerabilities. It was a local privilege-escalation vulnerability on all x86_64 kernels prior to v2.6.22.7. It’s very simple to understand with a little bit of background, and the exploit is super-simple, but it’s still more interesting than Yet Another NULL Pointer...
This is a short summary. ↗ Open original to view full content

Related

CVE-2023-6351 – Update Chrome Now!
ShavingTheYak | original ↗
Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty
Blog | Sam Curry | original ↗
Linux kernel 2.6.27 exploits
tail -f /var/log/messages | grep vegard | original ↗
A Minimal Rust Kernel
Writing an OS in Rust | original ↗
Exploiting V8 at openECSC
lyra's epic blog! | original ↗
BlackHat/DEFCON 2011 talk: Breaking out of KVM
Posts on Made of Bugs | original ↗
CVE-2010-4258: Turning denial-of-service into privilege escalation
Posts on Made of Bugs | original ↗
Some notes on CVE-2010-3081 exploitability
Posts on Made of Bugs | original ↗
A brief look at Linux's security record
Posts on Made of Bugs | original ↗
Fun with the preprocessor: CONFIG_IA32_EMULATION hacks in Linux
Posts on Made of Bugs | original ↗

More from Posts on Made of Bugs

Finding near-duplicates with Jaccard similarity and MinHash
3 Jul 2024 | original ↗

Suppose we have a large collection of documents, and we wish you identify which documents are approximately the same as each other. For instance, we may have crawled the web over some period of time, and expect to have fetched the “same page” several times, but to see slight differences in metadata, or that we have several revisions of a page...

Stripe's monorepo developer environment
21 May 2024 | original ↗

I worked at Stripe for about seven years, from 2012 to 2019. Over that time, I used and contributed to many generations of Stripe’s developer environment – the tools that engineers used daily to write and test code. I think Stripe did a pretty good job designing and building that developer experience, and since leaving, I’ve found myself...

Performance engineering, profilers, and seeing the invisible
18 Dec 2023 | original ↗

I was recently introduced to the paper “Seeing the Invisible: Perceptual-Cognitive Aspects of Expertise” by Gary Klein and Robert Hoffman. It’s excellent and I recommend you read it when you have a chance. Klein and Hoffman discuss the ability of experts to “see what is not there”: in addition to observing data and cues that are present in the...

Advent of Code in C++ Template Metaprogramming
8 Dec 2023 | original ↗

This December, the imp of the perverse struck me, and I decided to see how many days of Advent of Code I could do purely in compile-time C++ metaprogramming. As of this writing, I’ve done two days, and I’m not sure I’ll make it any further. However, that’s one more day than I planned to do as of yesterday, which is in turn further than I thought...

What's with ML software and pickles?
8 Nov 2023 | original ↗

I have spent many years as an software engineer who was a total outsider to machine-learning, but with some curiosity and occasional peripheral interactions with it. During this time, a recurring theme for me was horror (and, to be honest, disdain) every time I encountered the widespread usage of Python pickle in the Python ML ecosystem. In...