LinkDoor - A Hidden Attack Surface in the Android Netlink Kernel Modules

Explore a critical security presentation on the hidden vulnerabilities within Android's Netlink kernel modules. Dive deep into the Netlink mechanism, a socket family designed for inter-process communication between the kernel and user-space processes. Understand why Netlink has become an overlooked attack surface in the Android ecosystem, despite its widespread use. Learn about the four threat models derived from Classic Netlink and Generic Netlink categories, and their associated vulnerability scenarios. Discover the findings from an investigation of Netlink-related kernel modules from four major vendors, revealing over 30 security vulnerabilities and 12 CVEs. Gain insights into the analysis, verification, and exploitation of these vulnerabilities, which can lead to serious consequences like privilege escalation. Conclude with valuable security recommendations for vendors using Netlink, based on vulnerability statistics and root cause analysis.

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules