YoVDO

Exploiting Kernel Races through Taming Thread Interleaving

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Kernel Exploitation Courses

Course Description

Overview

This Black Hat conference talk explores kernel race-condition vulnerabilities and the techniques needed to exploit them. It sets out why thread interleaving is non-deterministic and why conventional brute-force triggering often fails, then examines three recent Linux kernel race vulnerabilities and presents a novel approach for extending the exploitation time window. The talk classifies races into single-variable and multi-variable races (the latter split into inclusive and non-inclusive cases) and explains why their exploitability differs. It reviews earlier exploitation methods, relying on latency differences between cores and on manipulating the scheduler under CONFIG_PREEMPT, together with their limitations, and then introduces ExpRace, which addresses two of these exploitation problems at once. It closes with a brief introduction to memory corruption exploits in the context of kernel races.
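The following is an added user-space model, not code from the talk or from the ExpRace authors, of the single-variable race the description refers to: a double fetch of an attacker-controlled value, where the value the "kernel" checks is not the value it later uses. It assumes a POSIX system with pthreads, and it stands in for the window-extension step with a plain sleep between the two fetches (an assumption for illustration only, not the mechanism the talk presents). Comparing the hit count for the bare window with the hit count for a widened window shows why exploitability tracks the length of the window.

```c
/* Added example: user-space model of a single-variable kernel race (double fetch).
 * The victim thread plays the kernel: it reads an attacker-controlled length once
 * to validate it and a second time to use it. The attacker thread rewrites that
 * length as fast as it can. A "hit" is an attempt where the value checked and the
 * value used differ, i.e. the race was won. window_us widens the gap between the
 * two fetches; 0 models the bare race.
 * Build: cc -O2 -pthread race_window.c -o race_window
 */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>

static _Atomic unsigned shared_len;     /* the attacker-controlled "user" variable */
static _Atomic int attacker_running;

/* Attacker: keep rewriting the shared variable with a fresh value so that any two
 * victim reads separated by a scheduling gap observe different values. */
static void *attacker(void *arg)
{
    (void)arg;
    unsigned v = 0;
    while (atomic_load_explicit(&attacker_running, memory_order_relaxed))
        atomic_store_explicit(&shared_len, ++v, memory_order_relaxed);
    return NULL;
}

/* One check-then-use sequence with an optional stall between the two fetches.
 * The stall is a sleep (assumption: a stand-in for whatever keeps the victim
 * off the CPU between check and use). Returns 1 on a race hit. */
static int victim_attempt(unsigned window_us)
{
    /* fetch 1: the value that gets validated */
    unsigned checked = atomic_load_explicit(&shared_len, memory_order_relaxed);
    if (window_us) {
        struct timespec ts = { 0, (long)window_us * 1000L };
        nanosleep(&ts, NULL);           /* the widened window */
    }
    /* fetch 2: the value that actually gets used */
    unsigned used = atomic_load_explicit(&shared_len, memory_order_relaxed);
    return checked != used;
}

/* Run `attempts` victim attempts against a live attacker thread and return how
 * many of them won the race. */
unsigned race_hits(unsigned attempts, unsigned window_us)
{
    pthread_t tid;
    unsigned hits = 0;

    atomic_store(&attacker_running, 1);
    if (pthread_create(&tid, NULL, attacker, NULL) != 0)
        return 0;
    for (unsigned i = 0; i < attempts; i++)
        hits += (unsigned)victim_attempt(window_us);
    atomic_store(&attacker_running, 0);
    pthread_join(tid, NULL);
    return hits;
}

int main(void)
{
    unsigned n_bare = 1000, n_wide = 50;
    unsigned bare = race_hits(n_bare, 0);
    unsigned wide = race_hits(n_wide, 2000);
    printf("bare window : %u/%u hits\n", bare, n_bare);
    printf("2 ms window : %u/%u hits\n", wide, n_wide);
    return 0;
}
```

On a multi-core machine the bare race already lands a fair share of the time because the attacker runs truly in parallel; on a single core it almost never does until the victim is kept off the CPU between the two fetches, which is the situation in which extending the victim's window, as the talk discusses, decides whether the race is exploitable at all.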

Syllabus

Intro
Race conditions are an increasing attack vector
Background: Race Condition Vulnerability
Background: Triggering a Race Condition Vulnerability
Background: Exploitability of Race Condition Vulnerability
Classification of Race Condition Vulnerability
Single-variable Race Condition
Exploitability of Single-variable Race
Multi-variable Race Condition
Exploitability of Inclusive Multi-variable Race
Problem: Exploitability of Non-inclusive Race
Previous method: Using Different Core Latency
Limitations of Using Different Core Latency
Previous Approach: Using the scheduler (CONFIG_PREEMPT)
Limitations of Using the scheduler
Each method has obvious limitations
How to extend the time window?
ExpRace can solve two problems at once
Brief introduction to memory corruption exploits

Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube