Derandomizing the Location of Security-Critical Kernel Objects in the Linux Kernel

Black Hat via YouTube

Overview

Explore a groundbreaking timing side-channel attack that exploits TLB vulnerabilities combined with kernel allocator manipulation to reveal the precise locations of security-critical kernel objects in modern Linux systems. Learn how this novel location disclosure technique surpasses previous TLB side-channel attacks by targeting specific kernel heap objects, page tables, and kernel stacks rather than just coarse-grained memory locations like physical mapping base addresses. Discover how this 28-minute Black Hat conference presentation demonstrates the first attack capable of leaking security-critical kernel object locations, significantly enhancing the stability and reliability of kernel exploitation while enabling new exploit techniques and re-enabling previously mitigated ones. Examine the comprehensive root cause analysis revealing how design decisions in kernel defenses and memory allocators unintentionally facilitate these attacks, making location leakage possible despite existing security measures. Witness a practical end-to-end demonstration where unprivileged users successfully leak most security-critical kernel objects within seconds on recent Intel CPUs running up-to-date Ubuntu Linux kernels, presented by InfoSec researchers Lukas Maar and Lukas Giner from Graz University of Technology.

Syllabus

Derandomizing the Location of Security-Critical Kernel Objects in the Linux Kernel

Taught by

Black Hat
