Linux Kernel Exploitation Papers

• Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers
• TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs
• Finding Race Conditions In Kernels: From Fuzzing To Symbolic Execution
• Protecting Commodity Operating Systems through Strong Kernel Isolation
• SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits
• Kernel Self-Protection through Quantified Attack Surface Reduction
• Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism
• RAZZER: Finding Kernel Race Bugs through Fuzzing
• Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
• Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing
• Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
• kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse
• Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers
• Undo Workarounds for Kernel Bugs
• USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
• DIFUZE: Interface Aware Fuzzing for Kernel Drivers
• FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities
• IOMMU-resistant DMA attacks
• KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels
• A Systematic Study of Elastic Objects in Kernel Exploitation
• Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR
• From Thousands of Hours to a Couple of Minutes: Towards Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
• CATTmew: Defeating Software-only Physical Kernel Isolation
• A Hybrid Interface Recovery Method for Android Kernels Fuzzing
• Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison
• Escalating Privileges in Linux using Voltage Fault Injection
• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
• HFL: Hybrid Fuzzing on the Linux Kernel
• GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
• Kernel Data Attack is a Realistic Security Threat
• Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing
• Kepler: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
• Own your Android! Yet Another Universal Root
• From IP ID to Device ID and KASLR Bypass (Extended Version)
• PLATYPUS: Software-based Power Side-Channel Attacks on x86
• KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
• From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
• FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing
• KASLR is Dead: Long Live KASLR
• Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences
• Understanding and Detecting Disordered Error Handling with Precise Function Pairing
• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
• Fuzzing File Systems via Two-Dimensional Input Space Exploration
• Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel
• Comprehensive Kernel Instrumentation via Dynamic Binary Translation
• Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels
• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation
• ret2dir: Deconstructing Kernel Isolation
• UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
• SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel
• Randomization can't stop BPF JIT spray
• Camouflage: Hardware-assisted CFI for the ARM Linux kernel
• Towards Linux Kernel Memory Safety
• Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
• perf fuzzer: Exposing Kernel Bugs by Detailed Fuzzing of a Specific System Call (2019 Update)
• Linux kernel vulnerabilities: State-of-the-art defenses and open problems
• Exploiting large memory management vulnerabilities in Xorg server running on Linux