Bug Classes/Heap overflow

From Linux Kernel Security Subsystem
Jump to: navigation, search

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

Mitigations

  • runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
  • guard pages
  • metadata validation (e.g. glibc's heap protections)
Personal tools
Namespaces

Variants
Actions
Navigation
Tools