#BHAS @BlackHatEvents

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities

Speakers: Bonan Ruan, Jiahao Liu
Contributors: Chuqi Zhang, Zhenkai Liang

ABOUT US

Bonan Ruan, Ph.D. Student, NUS
Ex-NSFOCUS Security Researcher
GitHub: brant-ruan
Homepage: profile.wohin.me
E-mail: r-bonan@comp.nus.edu.sg

Jiahao Liu, Ph.D. Student, NUS
GitHub: ljiahao
Homepage: ljiahao.github.io
E-mail: jiahao99@comp.nus.edu.sg

Chuqi Zhang, Ph.D. Student, NUS
GitHub: Icegrave0391
Homepage: chuqiz.notion.site
E-mail: chuqiz@comp.nus.edu.sg

Zhenkai Liang, Assoc Prof, NUS
Homepage: comp.nus.edu.sg/liangzk
E-mail: liangzk@comp.nus.edu.sg

nus-curiosity.github.io

KERNJC

ENDLESS KERNEL VULNERABILITIES!
Source: Google kernelCTF (https:/

IMPACT OF KERNEL VULNERABILITIES
Source: Bonan's blog post (https://blog.wohin.me/posts/thoughts-on-vuln-research-2)

REPRODUCTION!
Application Scenarios: Severity Assessment, Detection & Mitigation, Defense Evaluation
What Do We Need for Reproduction? Vulnerable Environment, Proof of Concept (PoC), Brain, Patient, Luck

DON'T TAKE SUCCESSFUL ENV FOR GRANTED!
Hello, when building the test environment, I followed the steps above to compile the kernel. It kept getting stuck. During the test, I didn't find any NFQUEUE rule in the target. At the time, I selected many configs, and it's possible that some configs were not included.
First, check if it's an issue with the compilation options.

EXAMPLE: CVE-2021-22555
Description: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name spac