Bug Classes/Heap overflow

From Linux Kernel Security Subsystem

Details

Heap overflows tend to occur due to integer overflows or otherwise broken bounds checking. Exploits overwrite adjacent heap memory, or manipulate the heap metadata values.

Examples

Mitigations

  • runtime validation of variable size vs copy_to_user/copy_from_user size (e.g. PAX_USERCOPY)
  • guard pages
  • metadata validation (e.g. glibc's heap protections)
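
The integer-overflow cause under Details and the first mitigation (validating copy size against object size at run time), shown as an added userspace C example that is not code from the kernel or from this wiki. The record type, function names and sample values are constructed for illustration; __builtin_mul_overflow is a GCC/Clang builtin.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct rec { uint32_t id; uint8_t data[28]; };            /* constructed 32-byte record */
_Static_assert(sizeof(struct rec) == 32, "example assumes 32-byte records");

/* Broken bounds math: the 32-bit product wraps, so a huge count yields a tiny size. */
static uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct rec);
}

/* Checked form: refuse the request when the product does not fit (GCC/Clang builtin). */
static int alloc_size_checked(uint32_t count, uint32_t *out)
{
    return __builtin_mul_overflow(count, (uint32_t)sizeof(struct rec), out) ? -1 : 0;
}

/* Object that remembers its allocated size, so copies can be validated at run time. */
struct tracked_buf { unsigned char *mem; size_t size; };

/* Copy-size validation: reject any copy that would run past the end of the object. */
static int checked_copy_in(struct tracked_buf *dst, size_t off, const void *src, size_t len)
{
    if (off > dst->size || len > dst->size - off)         /* written to avoid off+len wrap */
        return -1;
    memcpy(dst->mem + off, src, len);
    return 0;
}

int main(void)
{
    uint32_t count = 0x08000001u, sz = 0;                 /* constructed caller-supplied count */
    unsigned char backing[16], input[32] = {0};
    struct tracked_buf buf = { backing, sizeof(backing) };

    printf("unchecked size for %u records: %u bytes\n", count, alloc_size_unchecked(count));
    printf("checked size: %s\n", alloc_size_checked(count, &sz) ? "rejected" : "ok");
    printf("copy 16 bytes: %d, copy 17 bytes: %d\n",
           checked_copy_in(&buf, 0, input, 16), checked_copy_in(&buf, 0, input, 17));
    return 0;
}
```

In kernel code the same multiplication check is available as check_mul_overflow() and through kmalloc_array().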