Exploit Methods/Userspace data usage

From Linux Kernel Security Subsystem
Revision as of 21:40, 17 November 2015 by KeesCook (talk | contribs) (Examples)
Jump to: navigation, search


Sometimes an attacker won't be able to control the instruction pointer directly, but they will be able to redirect the dereference a structure or other pointer. In these cases, it is easiest to aim at malicious structures that have been built in userspace to perform the exploitation.



  • hardware segmentation: SMAP (x86), PAN (arm, arm64), Domains (arm)
  • emulate memory segmentation via separate page tables (e.g. PAX_UDEREF)