Devils Are in the File Descriptors - It Is Time To Catch Them All
Offered By: Black Hat via YouTube
Course Description
Overview
Explore critical vulnerabilities in Linux kernel file descriptor operations in this 31-minute Black Hat conference talk. Dive into the Unix principle of "everything is a file" and examine how file descriptors (fd) are used in the Linux kernel. Uncover high-risk vulnerabilities associated with exporting and importing file descriptors between kernel and user space. Learn about newly discovered vulnerability types, including use-after-free (UAF) issues caused by race conditions and file descriptor type confusion. Gain insights into the potential security implications of these vulnerabilities and understand the importance of addressing them in Linux kernel development and system administration.
Syllabus
Intro
Background
Scenario of fd export operation
UAF caused by race condition
Scenario of fd import operation
Fd type confusion caused by race condition
black hat
Find the issues
Taught by
Black Hat
Related Courses
Ethical Hacking in 15 Hours - 2023 Edition - Learn to HackCyber Mentor via YouTube Contextomy - Let's Debug Together
nullcon via YouTube macOS Security Features Bypasses by Example
nullcon via YouTube Exploiting Android Messengers with WebRTC
nullcon via YouTube XNU Heap Exploitation - From Kernel Bug to Kernel Control
nullcon via YouTube