{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:09:40Z","timestamp":1763968180291,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Ministry of Industry and Information Technology of the People's Republic of China","award":["2012ZX03002011"],"award-info":[{"award-number":["2012ZX03002011"]}]},{"DOI":"10.13039\/501100003399","name":"Science and Technology Commission of Shanghai Municipality","doi-asserted-by":"publisher","award":["13511504000,15511103002"],"award-info":[{"award-number":["13511504000,15511103002"]}],"id":[{"id":"10.13039\/501100003399","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Ministry of Science and Technology of the People's Republic of China","award":["2012BAH46B02"],"award-info":[{"award-number":["2012BAH46B02"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813637","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"414-425","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":52,"title":["From Collision To Exploitation"],"prefix":"10.1145","author":[{"given":"Wen","family":"Xu","sequence":"first","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Juanru","family":"Li","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Junliang","family":"Shu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Wenbo","family":"Yang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Tianyi","family":"Xie","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Yuanyuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]},{"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Attacking the Core: Kernel Exploiting Notes. http:\/\/phrack.org\/issues\/64\/6.html.  Attacking the Core: Kernel Exploiting Notes. http:\/\/phrack.org\/issues\/64\/6.html."},{"key":"e_1_3_2_1_2_1","unstructured":"CVE-2010--1807. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010--1807.  CVE-2010--1807. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010--1807."},{"key":"e_1_3_2_1_3_1","unstructured":"CVE-2014--1776. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014--1776.  CVE-2014--1776. http:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014--1776."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE-2015--3636. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015--3636.  CVE-2015--3636. http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015--3636."},{"key":"e_1_3_2_1_5_1","unstructured":"Exploiting 64-bit Linux like a boss. http:\/\/scarybeastsecurity.blogspot.com\/2013\/02\/exploiting-64-bit-linux-%like-boss.html.  Exploiting 64-bit Linux like a boss. http:\/\/scarybeastsecurity.blogspot.com\/2013\/02\/exploiting-64-bit-linux-%like-boss.html."},{"key":"e_1_3_2_1_6_1","unstructured":"Exploiting NVMAP to escape the Chrome sandbox-CVE-2014--5332. http:\/\/googleprojectzero.blogspot.com\/2015\/01\/exploiting-nvmap-to-escap%e-chrome.html.  Exploiting NVMAP to escape the Chrome sandbox-CVE-2014--5332. http:\/\/googleprojectzero.blogspot.com\/2015\/01\/exploiting-nvmap-to-escap%e-chrome.html."},{"key":"e_1_3_2_1_7_1","unstructured":"GCC stack protector support. http:\/\/lxr.free-electrons.com\/source\/arch\/x86\/include\/asm\/stackprotecto%r.h.  GCC stack protector support. http:\/\/lxr.free-electrons.com\/source\/arch\/x86\/include\/asm\/stackprotecto%r.h."},{"key":"e_1_3_2_1_8_1","unstructured":"Google Chromium source. https:\/\/chromium.googlesource.com\/chromium\/blink\/  Google Chromium source. https:\/\/chromium.googlesource.com\/chromium\/blink\/"},{"key":"e_1_3_2_1_9_1","unstructured":"\/master\/Source\/wtf\/PartitionAlloc.h.  \/master\/Source\/wtf\/PartitionAlloc.h."},{"key":"e_1_3_2_1_10_1","unstructured":"Microsoft Internet Explorer: CVE security vulnerabilities versions and detailed reports.  Microsoft Internet Explorer: CVE security vulnerabilities versions and detailed reports."},{"key":"e_1_3_2_1_11_1","unstructured":"Short users guide for SLUB. https:\/\/www.kernel.org\/doc\/Documentation\/vm\/slub.txt.  Short users guide for SLUB. https:\/\/www.kernel.org\/doc\/Documentation\/vm\/slub.txt."},{"key":"e_1_3_2_1_12_1","unstructured":"Understanding Valgrind memory leak reports. http:\/\/es.gnu.org\/~aleksander\/valgrind\/valgrind-memcheck.pdf.  Understanding Valgrind memory leak reports. http:\/\/es.gnu.org\/~aleksander\/valgrind\/valgrind-memcheck.pdf."},{"volume-title":"Black Hat USA","year":"2007","author":"Afek J.","key":"e_1_3_2_1_13_1"},{"volume-title":"Proc. 19th USENIX Security Symposium","year":"2010","author":"Akritidis P.","key":"e_1_3_2_1_14_1"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"volume-title":"Black Hat Europe","year":"2014","author":"Chen L.","key":"e_1_3_2_1_16_1"},{"volume-title":"Black Hat USA","year":"2012","author":"Karamitas P. A. C.","key":"e_1_3_2_1_17_1"},{"volume-title":"Proc. 23rd USENIX Security Symposium","year":"2014","author":"Kemerlis V. P.","key":"e_1_3_2_1_18_1"},{"volume-title":"SLOB","year":"2014","author":"Lameter C.","key":"e_1_3_2_1_19_1"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23238"},{"volume-title":"HITCON","year":"2014","author":"Lu J.","key":"e_1_3_2_1_21_1"},{"key":"e_1_3_2_1_22_1","unstructured":"MWR Lab. Isolated Heap & Friends - Object Allocation Hardening in Web Browsers. https:\/\/labs.mwrinfosecurity.com\/blog\/2014\/06\/20\/isolated-heap-friends-%--object-allocation-hardening-in-web-browsers\/.  MWR Lab. Isolated Heap & Friends - Object Allocation Hardening in Web Browsers. https:\/\/labs.mwrinfosecurity.com\/blog\/2014\/06\/20\/isolated-heap-friends-%--object-allocation-hardening-in-web-browsers\/."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1837855.1806657"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866371"},{"volume-title":"Proc. 1st USENIX Workshop on Offensive Technologies","year":"2007","author":"Robert W.","key":"e_1_3_2_1_25_1"},{"volume-title":"Linux device drivers","year":"2001","author":"Rubini A.","key":"e_1_3_2_1_26_1"},{"volume-title":"Proc. 2012 USENIX Annual Technical Conference","year":"2012","author":"Serebryany K.","key":"e_1_3_2_1_27_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"volume-title":"Black Hat Europe","year":"2007","author":"Sotirov A.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_3_2_1_31_1","unstructured":"TrendLabs. Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/isolated-hea%p-for-internet-explorer-helps-mitigate-uaf-exploits\/.  TrendLabs. Isolated Heap for Internet Explorer Helps Mitigate UAF Exploits. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/isolated-hea%p-for-internet-explorer-helps-mitigate-uaf-exploits\/."},{"volume-title":"Hackito Ergo Sum","year":"2012","author":"Wicherski G.","key":"e_1_3_2_1_32_1"},{"volume-title":"CanSecWest","year":"2014","author":"Yan T.","key":"e_1_3_2_1_33_1"},{"volume-title":"FreeSentry: Protecting Against Use-After-Free Vulnerabilities Due to Dangling Pointers","year":"2015","author":"Younan Y.","key":"e_1_3_2_1_34_1"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187671.2187679"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Denver Colorado USA","acronym":"CCS'15"},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813637","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813637","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:36Z","timestamp":1750225716000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813637"}},"subtitle":["Unleashing Use-After-Free Vulnerabilities in Linux Kernel"],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":35,"alternative-id":["10.1145\/2810103.2813637","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813637","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}