Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Fuzzing the kernel directly is extremely complex and NOT time efficient, so moving the target code into userland can be useful. This article covers fuzzing the Linux kernel; however, the actual fuzzing is left as an exercise for the reader.
In a previous bug, there was a vulnerability in the handling of 32-bit vs. 64-bit inputs, which were both processed in the same code path. The fix was to split this into two areas of code: one for 32-bit and one for 64-bit.
What went wrong with this patch? The code was copied and pasted into another function, and only some of the data was adjusted for 32-bit vs. 64-bit. As a result, some copies were still being done with 64-bit sizes instead of 32-bit ones! This created an OOB write primitive.
What is the takeaway from this? A 'fix' may not actually fix the problem! Verifying that a vulnerability has actually been patched is an easy way to find more vulns :)