Overview of Linux Vulnerabilities

Shuangxia, Niu; Jiansong, Mo; Zhang, Zhigang; Lv, Zhuo

doi:10.2991/scict-14.2014.55

Cited by 14 publications

(5 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the large number of lines of codes in an OS, different exploits that result in kernel-level access for commodity OSes have been shown [37,30,27]. The goal of the attacker is to crash the system or create system performance attack with security analyst (e.g., IT professional) unable to determine the source of the attack.…”

Section: Threat Modelmentioning

confidence: 99%

Security Vulnerability in Processor-Interconnect Router Design

Song

Kim

Lee

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Servers that consist of multiple nodes and sockets are interconnected together with a high-bandwidth, low latency processor interconnect network, such as Intel QPI or AMD Hypertransport technologies. The different nodes exchange packets through routers which communicate with other routers.A key component of a router is the routing table which determines which output port an arriving packet should be forwarded through. However, because of the flexibility (or programmability) of the routing tables, we show that it can result in security vulnerability. We describe the procedures for how the routing tables in a processor-interconnect router can be modified. Based on these modifications, we propose new system attacks in a server, which include both performance attacks by degrading the latency and/or the bandwidth of the processor interconnect as well as a livelock attack that hangs the system. We implement these system on an 8-node AMD server and show how performance can be significantly degraded. Based on this vulnerability, we propose alternative solutions that provide various trade-off in terms of flexibility and cost while minimizing the routing table security vulnerability.

show abstract

Section: Threat Modelmentioning

confidence: 99%

Security Vulnerability in Processor-Interconnect Router Design

Song

Kim

Lee

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…This work is different from our paper since they create the tool to generate attack graphs, whereas our work is mainly focused on studying the potential attack types based on CWE-IDs. The other similar research includes individual vulnerability assessments, i.e., studies specific to Windows [11], Linux [12], Android [13], etc. The specific study does not provide the big picture of OS security or where the specific OS stands in the vulnerabilities study.…”

Section: Related Workmentioning

confidence: 99%

Unveiling the Landscape of Operating System Vulnerabilities

Bhurtel

Rawat

2023

Future Internet

View full text Add to dashboard Cite

Operating systems play a crucial role in computer systems, serving as the fundamental infrastructure that supports a wide range of applications and services. However, they are also prime targets for malicious actors seeking to exploit vulnerabilities and compromise system security. This is a crucial area that requires active research; however, OS vulnerabilities have not been actively studied in recent years. Therefore, we conduct a comprehensive analysis of OS vulnerabilities, aiming to enhance the understanding of their trends, severity, and common weaknesses. Our research methodology encompasses data preparation, sampling of vulnerable OS categories and versions, and an in-depth analysis of trends, severity levels, and types of OS vulnerabilities. We scrape the high-level data from reliable and recognized sources to generate two refined OS vulnerability datasets: one for OS categories and another for OS versions. Our study reveals the susceptibility of popular operating systems such as Windows, Windows Server, Debian Linux, and Mac OS. Specifically, Windows 10, Windows 11, Android (v11.0, v12.0, v13.0), Windows Server 2012, Debian Linux (v10.0, v11.0), Fedora 37, and HarmonyOS 2, are identified as the most vulnerable OS versions in recent years (2021–2022). Notably, these vulnerabilities exhibit a high severity, with maximum CVSS scores falling into the 7–8 and 9–10 range. Common vulnerability types, including CWE-119, CWE-20, CWE-200, and CWE-787, are prevalent in these OSs and require specific attention from OS vendors. The findings on trends, severity, and types of OS vulnerabilities from this research will serve as a valuable resource for vendors, security professionals, and end-users, empowering them to enhance OS security measures, prioritize vulnerability management efforts, and make informed decisions to mitigate risks associated with these vulnerabilities.

show abstract

“…Therefore, assuming attackers have the root privilege is permissible when the victim procedures are in TEE. Besides, there are many legal or illegal ways for attackers to gain such privilege [37,53].…”

Section: Assumption and Threat Modelmentioning

confidence: 99%

PMUSpill: The Counters in Performance Monitor Unit that Leak SGX-Protected Secrets

Qiu¹,

Lyu²,

Wang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Performance Monitor Unit (PMU) is a significant hardware module on the current processors, which counts the events launched by processor into a set of PMU counters. Ideally, the events triggered by instructions that are executed but the results are not successfully committed (transient execution) should not be recorded. However, in this study, we discover that some PMU events triggered by the transient execution instructions will actually be recorded by PMU. Based on this, we propose the PMUSpill attack, which enables attackers to maliciously leak the secret data that are loaded during transient executions. The biggest challenge is how to encode the secret data into PMU events. We construct an instruction gadget to solve this challenge, whose execution path that can be identified by PMU counters represents what values the secret data are. We successfully implement the PMUSpill attack to leak the secret data stored in Intel Software Guard Extensions (SGX) (a Trusted Execution Environment (TEE) in the Intel's processors) through real experiments. Besides, we locate the vulnerable PMU counters and their trigger instructions by iterating all the valid PMU counters and instructions. The experiment results demonstrate that there are up to 20 PMU counters available to implement the PMUSpill attack. We also provide some possible hardware and software-based countermeasures for addressing the PMUSpill attack, which can be utilized to enhance the security of processors in future.

show abstract

Overview of Linux Vulnerabilities

Cited by 14 publications

References 4 publications

Security Vulnerability in Processor-Interconnect Router Design

Security Vulnerability in Processor-Interconnect Router Design

Unveiling the Landscape of Operating System Vulnerabilities

PMUSpill: The Counters in Performance Monitor Unit that Leak SGX-Protected Secrets

Contact Info

Product

Resources

About