Skip to main content
SpringerLink
Log in

Understanding Linux kernel vulnerabilities

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

Protecting the Linux kernel from malicious activities is of paramount importance. Several approaches have been proposed to analyze kernel-level vulnerabilities. Existing studies, however, have a strong focus on the attack type (e.g., buffer overflow). In this paper, we report on our analysis of 1,858 Linux kernel vulnerabilities covering a period of Jan 2010-Jan 2020. We classify these vulnerabilities from the attacker’s view using various criteria such as the attacker’s objective, the targeted subsystems of the kernel, the location from which vulnerabilities can be exploited (i.e., locally or remotely), the impact of the attack on confidentiality, system integrity and availability, and the complexity level associated with exploiting vulnerabilities. Our findings indicate the presence of a large number of low-complexity vulnerabilities. Most of them can be exploited from the local system, leading to attacks that can severely compromise the kernel quality of service, and allow attackers to gain privileged access

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

Notes

  1. //www.linux.com/news/linux-kernel-49-here-and-its-largest-release-ever

References

  1. Wang, P., Krinke, J., Lu, K., Li, G., Dodier-Lazaro, S.: How double-fetch situations turn into double-fetch vulnerabilities: a study of double fetches in the Linux kernel. In: InUSENIX Security Symposium, 2017 Aug 16

  2. Xu, W., Li, J., Shu, J., Yang, W., Xie, T., Zhang, Y., Gu, D.: From collision to exploitation: unleashing use-after-free vulnerabilities in linux kernel. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 414–425. ACM (2015)

  3. Gens, D., Schmitt, S., Davi, L., Sadeghi, AR.: K-miner: Uncovering memory corruption in linux. In: Proceedings of the 2018 Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA (2018)

  4. Bagherzadeh, M., Kahani, N., Bezemer, C.P., Hassan, A.E., Dingel, J., Cordy, J.R.: Analyzing a decade of Linux system calls. Empir. Softw. Eng. 23(3), 1519–51 (2018)

    Article  Google Scholar 

  5. National Vulnerability Database. http://nvd.nist.gov

  6. Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 1(60), 19–31 (2016)

    Article  Google Scholar 

  7. Ghosh, D., Sharman, R., Rao, H.R., Upadhyaya, S.: Self-healing systems–survey and synthesis. J. Decis. Support Syst. 42(4), 2164–2185 (2007)

    Article  Google Scholar 

  8. Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., Wu, Q.: AVOIDIT: a cyber attack taxonomy. Technical report: CS-09-003, University of Memphis (2009)

  9. Lough, D.: A taxonomy of computer attacks with applications to wireless networks. PhD thesis dissertation, Virginia Polytechnic Institute and State University (2001)

  10. Alvarez, G., Petrovic, S.: A new taxonomy of web attacks suitable for efficient encoding. J. Comput. Secur. 22(5), 435–449 (2003)

    Article  Google Scholar 

  11. Howard, J.D.: An analysis of security incidents on the Internet. PhD thesis dissertation, Carnegie Mellon University, Department of Engineering and Public Policy (1997)

  12. Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws, with examples. ACM Comput. Surv. 26(3), 211–254 (1994)

    Article  Google Scholar 

  13. Bishop, M.: A taxonomy of Unix and network security vulnerabilities. Technical report, Department of Computer Science, University of California at Davis (1995)

  14. Chen, H., Mao, Y., Wang, X., Zhou, D., Zeldovich, N., Frans Kaashoek, M.: Linux kernel vulnerabilities: state-of-the-art defenses and open problems. In: Proceedings of the Second Asia-Pacific Workshop on Systems (2011)

  15. Mokhov, S., Laverdire, M., Benredjem, D.: Taxonomy of Linux kernel vulnerability solutions. In: Proceedings of the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (2007)

  16. Argyroudis, P., Glynos, D.: Protecting the core kernel exploitation mitigations. Black Hat Europe (2011)

  17. Zhou, M., Chen, Q., Mockus, A., Wu, F.: On the scalability of Linux kernel maintainers’ work. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering 2017 Aug 21 (pp. 27–37). ACM

  18. Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. http://www.first.org/cvss/cvss-guide.html

  19. Santos, O.: The sequel, the evolution of scoring security vulnerabilities (2016)

  20. Eiram, C., Martin, B.: The CVSSv2 shortcomings, faults, and failures formulation. Technical report, Forum of Incident Response and Security Teams (FIRST) (2013)

  21. Dang, T., Wagner, D.: The performance cost of shadow stacks and stack canaries, pp. 1–12

  22. Canepa, G.: How to secure network services using TCP wrappers in Linux (2016)

  23. KASAN, The Kernel Address Sanitizer (KASAN). www.kernel.org/doc/html/v4.10/dev-tools/kasan.html (2017)

  24. Wu, W., Chen, Y., Xu, J., Xing, X., Gong, X., Zou, W.: FUZE: towards facilitating exploit generation for kernel use-after-free vulnerabilities. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 781–797 (2018)

  25. Caballero, J., Grieco, G., Marron, M., Nappa, A.: Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis, pp. 133–143. ACM (2012)

  26. Lee, B., Song, C., Jang, Y., Wang, T., Kim, T., Lu, L., Lee, W.: Preventing use-after-free with dangling pointers nullification. In: NDSS (2015)

  27. Smatch the source matcher. http://smatch.sourceforge.net/. Accessed on 30/3/2021

  28. Coccinelle: A program matching and transformation tool for systems code. http://coccinelle.lip6.fr/. Accessed on 20/12/2018

  29. Abal, I., Brabrand, C., Wsowski, A.: Effective bug finding in c programs with shape and effect abstractions. In: International Conference on Verification. Model Checking, and Abstract Interpretation, pp. 34–54. Springer, Cham (2017)

  30. Tsyrklevich, E., Yee, B.: Dynamic detection and prevention of race conditions in file accesses. PhD diss, University of California, San Diego (2003)

  31. National Security Agency (NSA) and Federal Bureau of Investigation (FBI). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. August 2020 Rev 1.0

  32. Xu, W., Li, J., Shu, J., Yang, W., Xie, T., Zhang, Y., Gu, D.: From collision to exploitation: unleashing use-after-free vulnerabilities in linux kernel. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security 2015 Oct 12 (pp. 414–425). ACM

  33. Allodi, L., Banescu, S., Femmer, H., Beckers, K.: . Identifying relevant information cues for vulnerability assessment using CVSS. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (pp. 119–126). ACM (2018, March)

  34. Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams (vol. 1, p. 23) (2007, June)

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Science and Engineering, Shahid Beheshti University (SBU), Tehran, Iran

    Alireza Shameli-Sendi

Authors
  1. Alireza Shameli-Sendi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Alireza Shameli-Sendi.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shameli-Sendi, A. Understanding Linux kernel vulnerabilities. J Comput Virol Hack Tech 17, 265–278 (2021). https://doi.org/10.1007/s11416-021-00379-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-021-00379-x

Keywords

Search

Navigation