How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel
2017
We present the first static approach that systematically
detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90
double fetches in the Linux kernel. 57 of these occur
in drivers, which previous dynamic approaches were unable
to detect without access to the corresponding hardware.
We manually investigated the 90 occurrences, and
inferred three typical scenarios in which double fetches
occur. We discuss each of them in detail. We further developed
a static analysis, based on the Coccinelle matching
engine, that detects double-fetch situations which can
cause kernel vulnerabilities. When applied to the Linux,
FreeBSD, and Android kernels, our approach found six
previously unknown double-fetch bugs, four of them in
drivers, three of which are exploitable double-fetch vulnerabilities.
All of the identified bugs and vulnerabilities
have been confirmed and patched by maintainers. Our
approach has been adopted by the Coccinelle team and
is currently being integrated into the Linux kernel patch
vetting. Based on our study, we also provide practical solutions
for anticipating double-fetch bugs and vulnerabilities.
We also provide a solution to automatically patch
detected double-fetch bugs.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
29
References
34
Citations
NaN
KQI