A software engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.
An overview article about approaches to Linux kernel fuzzing. Written together with the HackMag Editorial Board based on the Fuzzing the Linux kernel talk I gave at PHDays 20201.
Memory tagging is coming to kill all of your favorite Linux kernel exploits!
Memory Tagging Extension (MTE) is an ARM v8.5 feature that enables hardware-assisted validation of the correctness of memory accesses. In a nutshell, MTE allows assigning tags to memory allocations, as well as to the pointers that refer to those allocations. When memory is accessed through a pointer, the CPU performs a validity check that ensures that the memory tag matches the pointer tag.
In this talk, I explain how MTE is used to assert the validity of kernel memory accesses. I describe the newly added Hardware Tag-Based KASAN mode, its weaknesses, and planned improvements.
A Telegram channel about Linux kernel security. Alexander Popov and I regularly post links there to materials about exploits, fuzzers, mitigations, and other security-related topics.