
How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel

Wang, P; Krinke, J; Lu, K; Li, G; Dodier-Lazaro, S; (2017) How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel. In: Proceedings of the 26th USENIX Security Symposium. The Advanced Computing Systems Association: Vancouver, BC, Canada. Green open access

Text: Dodier-Lazaro_sec17-wang.pdf - Published version (474kB)

Abstract

We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. 57 of these occur in drivers, which previous dynamic approaches were unable to detect without access to the corresponding hardware. We manually investigated the 90 occurrences, and inferred three typical scenarios in which double fetches occur. We discuss each of them in detail. We further developed a static analysis, based on the Coccinelle matching engine, that detects double-fetch situations which can cause kernel vulnerabilities. When applied to the Linux, FreeBSD, and Android kernels, our approach found six previously unknown double-fetch bugs, four of them in drivers, three of which are exploitable double-fetch vulnerabilities. All of the identified bugs and vulnerabilities have been confirmed and patched by maintainers. Our approach has been adopted by the Coccinelle team and is currently being integrated into the Linux kernel patch vetting. Based on our study, we also provide practical solutions for anticipating double-fetch bugs and vulnerabilities. We also provide a solution to automatically patch detected double-fetch bugs.

Type: Proceedings paper
Title: How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
Event: 26th USENIX Security Symposium
Location: Vancouver, BC, Canada
Dates: 16 August 2017 - 18 August 2017
ISBN-13: 978-1-931971-40-9
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/system/files/conference/use...
Language: English
Additional information: This version is the Version of Record. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1557280