https://github.com/maxking/linux-vulns-extended

An extension to https://github.com/maxking/linux-vulnerabilities-10-years capturing more information as I find it.

This repo captures the new vulnerabilities that I have studied since writing
my MS thesis (which is [freely available][1]).

Memory Corruption
=====================

Concurrency Use-After-Free
-------------------------------

This kind of vulnerability is caused by a use-after-free (UAF) in code that
executes concurrently, mostly drivers. This [research paper from USENIX
2019][2] explores how these bugs can be detected with what they call "summary
based lockset analysis" (an advanced static analysis).

The basic summary is that they use static analysis to collect all functions
that acquire a lock and pair each one with the other functions that can
execute concurrently with it, whether from the same driver or a different
one. They then compare the functions in each pair for use-after-free bugs.
Read the paper for more details.
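
A toy version of that pairwise comparison, as an added example that is not code from this repo or from the paper. The summary layout, the rule "flag a free and a use of the same object when the two sides hold no common lock", and all driver and lock names are simplifying assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model with hypothetical names; not the paper's tool. */
enum op { OP_USE, OP_FREE };

struct access {              /* one entry of a function summary */
    enum op op;
    int var;                 /* id of the shared object touched */
    unsigned locks;          /* bitmask of locks held at that point */
};

struct summary { const char *name; const struct access *acc; size_t n; };

/* Count free-in-f / use-in-u pairs on one object with no common lock. */
static int count_in_order(const struct summary *f, const struct summary *u)
{
    int hits = 0;
    for (size_t i = 0; i < f->n; i++)
        for (size_t j = 0; j < u->n; j++)
            if (f->acc[i].op == OP_FREE && u->acc[j].op == OP_USE &&
                f->acc[i].var == u->acc[j].var &&
                (f->acc[i].locks & u->acc[j].locks) == 0)
                hits++;
    return hits;
}

/* A concurrent pair is checked in both directions. */
int uaf_candidates(const struct summary *a, const struct summary *b)
{
    return count_in_order(a, b) + count_in_order(b, a);
}

/* Constructed summaries for a hypothetical driver. */
enum { DEV_BUF = 1, LOCK_A = 1u << 0, LOCK_B = 1u << 1 };
static const struct access remove_acc[] = { { OP_FREE, DEV_BUF, LOCK_A } };
static const struct access read_acc[]   = { { OP_USE,  DEV_BUF, LOCK_A } };
static const struct access irq_acc[]    = { { OP_USE,  DEV_BUF, LOCK_B } };
const struct summary drv_remove = { "drv_remove", remove_acc, 1 };
const struct summary drv_read   = { "drv_read",   read_acc,   1 };
const struct summary drv_irq    = { "drv_irq",    irq_acc,    1 };

int main(void)
{
    printf("%s/%s: %d\n", drv_remove.name, drv_read.name, uaf_candidates(&drv_remove, &drv_read));
    printf("%s/%s: %d\n", drv_remove.name, drv_irq.name, uaf_candidates(&drv_remove, &drv_irq));
    return 0;
}
```

Here `drv_remove` and `drv_read` share a lock and are not flagged, while `drv_remove` and `drv_irq` hold different locks and yield one candidate for manual review.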

[1]: https://github.com/maxking/linux-vulnerabilities-10-years
[2]: https://www.usenix.org/system/files/atc19-bai.pdf