Overview
In this 31-minute Black Hat conference talk, explore KernelSnitch, a groundbreaking software-induced side-channel attack that demonstrates how to leak kernel heap pointers without exploiting memory safety vulnerabilities. Discover how this hardware-agnostic attack exploits timing differences in hash table access operations within Linux kernel syscalls to achieve byte-accurate pointer leaks on the kernel heap. Learn about the fundamental design flaws in Linux kernel hash tables that enable this novel attack surface, with particular focus on the futex hash table as a case study. Examine the root cause analysis that reveals why this side-channel attack is both potent and difficult to patch, and understand how it differs significantly from previous Linux kernel side-channel attacks by being hardware-independent and achieving unprecedented precision. Watch a live demonstration of an end-to-end attack performed by an unprivileged user that successfully leaks kernel heap pointers across multiple architectures including x86_64, AArch64, and RISC-V, even within sandboxed environments like Docker. Gain insights into the implications of this research for operating system security and the challenges it presents for defensive measures.
Syllabus
KernelSnitch: Leaking Kernel Heap Pointers by Exploiting Software-Induced Side-Channel Leakage
Taught by
Black Hat