Understanding Concurrency Vulnerabilities in Linux Kernel

TL;DR

This paper provides the first empirical analysis of concurrency security vulnerabilities in the Linux kernel over the past decade, highlighting their prevalence, types, and patch strategies to inform future security improvements.

Contribution

It categorizes Linux kernel concurrency vulnerabilities from the CVE database, analyzes their patterns, and discusses challenges in detecting and patching these security issues.

Findings

Concurrency vulnerabilities remain a serious security threat.

Different vulnerability types require diverse patch strategies.

Analyzing CVEs reveals patterns and challenges in fixing these vulnerabilities.

Abstract

While there is a large body of work on analyzing concurrency related software bugs and developing techniques for detecting and patching them, little attention has been given to concurrency related security vulnerabilities. The two are different in that not all bugs are vulnerabilities: for a bug to be exploitable, there needs be a way for attackers to trigger its execution and cause damage, e.g., by revealing sensitive data or running malicious code. To fill the gap, we conduct the first empirical study of concurrency vulnerabilities reported in the Linux operating system in the past ten years. We focus on analyzing the confirmed vulnerabilities archived in the Common Vulnerabilities and Exposures (CVE) database, which are then categorized into different groups based on bug types, exploit patterns, and patch strategies adopted by developers. We use code snippets to illustrate individual vulnerability types and patch strategies. We also use statistics to illustrate the entire landscape, including the percentage of each vulnerability type. We hope to shed some light on the problem, e.g., concurrency vulnerabilities continue to pose a serious threat to system security, and it is difficult even for kernel developers to analyze and patch them. Therefore, more efforts are needed to develop tools and techniques for analyzing and patching these vulnerabilities.