Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing

TL;DR
This paper systematically investigates Page Spray, a page-level exploitation technique in the Linux kernel, providing a comprehensive model, analyzing root causes, evaluating its properties, and proposing mitigation strategies.
Contribution
It introduces the \sys model for Page Spray, analyzes its root causes, and proposes a lightweight mitigation approach.
Findings
Page Spray exploits are stable and highly exploitable.
The \sys model effectively identifies Page Spray callsites.
The proposed mitigation reduces Page Spray success rate.
Abstract
Recently, a novel method known as Page Spray has emerged, focusing on page-level exploitation for kernel vulnerabilities. Despite the advantages it offers in terms of exploitability, stability, and compatibility, comprehensive research on Page Spray remains scarce. Questions regarding its root causes, exploitation model, comparative benefits over other exploitation techniques, and possible mitigation strategies have largely remained unanswered. In this paper, we conduct a systematic investigation into Page Spray, providing an in-depth understanding of this exploitation technique. We introduce a comprehensive exploit model termed the \sys model, elucidating its fundamental principles. Additionally, we conduct a thorough analysis of the root causes underlying Page Spray occurrences within the Linux Kernel. We design an analyzer based on the Page Spray analysis model to identify Page Spray…
Taxonomy
Topics: Advanced Malware Detection Techniques · Advanced Data Storage Technologies · Distributed and Parallel Computing Systems
