{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T18:07:59Z","timestamp":1778609279426,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1718459"],"award-info":[{"award-number":["1718459"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3363212","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"1707-1722","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["SLAKE"],"prefix":"10.1145","author":[{"given":"Yueqi","family":"Chen","sequence":"first","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2019. Code and Exploits for SLAKE. (2019). https:\/\/github.com\/chenyueqi\/SLAKE.git.  2019. Code and Exploits for SLAKE. (2019). https:\/\/github.com\/chenyueqi\/SLAKE.git."},{"key":"e_1_3_2_2_2_1","unstructured":"0x3f97. 2018. cve-2017--8890 root case analysis. (2018). https:\/\/0x3f97.github.io\/exploit\/2018\/08\/13\/cve-2017--8890-root-case-analysis\/.  0x3f97. 2018. cve-2017--8890 root case analysis. (2018). https:\/\/0x3f97.github.io\/exploit\/2018\/08\/13\/cve-2017--8890-root-case-analysis\/."},{"key":"e_1_3_2_2_3_1","volume-title":"Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumley.","author":"Avgerinos Thanassis","year":"2014"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.67"},{"key":"e_1_3_2_2_5_1","volume-title":"Bovet and Marco Cesati","author":"Daniel","year":"2010"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"e_1_3_2_2_7_1","first-page":"2010","volume":"201","journal-title":"Kees Cook."},{"key":"e_1_3_2_2_8_1","unstructured":"The MITRE Corporation. 2019. common Vulnerability and Exposures. (2019). https:\/\/cve.mitre.org\/cve\/.  The MITRE Corporation. 2019. common Vulnerability and Exposures. (2019). https:\/\/cve.mitre.org\/cve\/."},{"key":"e_1_3_2_2_9_1","unstructured":"SSD Secure Disclosure. 2017. SSD Advisory -- Linux Kernel AF_PACKET Use-After-Free. (2017). https:\/\/ssd-disclosure.com\/archives\/3484.  SSD Secure Disclosure. 2017. SSD Advisory -- Linux Kernel AF_PACKET Use-After-Free. (2017). https:\/\/ssd-disclosure.com\/archives\/3484."},{"key":"e_1_3_2_2_10_1","unstructured":"Jake Edge. 2014. The kernel address sanitizer. (2014). https:\/\/lwn.net\/Articles\/612153\/.  Jake Edge. 2014. The kernel address sanitizer. (2014). https:\/\/lwn.net\/Articles\/612153\/."},{"key":"e_1_3_2_2_11_1","unstructured":"The FreeBSD Foundation. 2019. The FreeBSD Project. (2019). https:\/\/www.freebsd.org\/.  The FreeBSD Foundation. 2019. The FreeBSD Project. (2019). https:\/\/www.freebsd.org\/."},{"key":"e_1_3_2_2_12_1","unstructured":"Wolfram Gloger. 2006. Wolfram Gloger's malloc homepage. (2006).http:\/\/www.malloc.de\/en\/.  Wolfram Gloger. 2006. Wolfram Gloger's malloc homepage. (2006).http:\/\/www.malloc.de\/en\/."},{"key":"e_1_3_2_2_13_1","unstructured":"google. 2019. syzkaller - kernel fuzzer. (2019). https:\/\/github.com\/google\/syzkaller.  google. 2019. syzkaller - kernel fuzzer. (2019). https:\/\/github.com\/google\/syzkaller."},{"key":"e_1_3_2_2_14_1","unstructured":"Samuel Grob. 2014. Linux local root exploit for CVE-2014-0038. (2014). https:\/\/github.com\/saelo\/cve-2014-0038.  Samuel Grob. 2014. Linux local root exploit for CVE-2014-0038. (2014). https:\/\/github.com\/saelo\/cve-2014-0038."},{"key":"e_1_3_2_2_15_1","volume-title":"Proceedings of the 27th USENIX Security Symposium(USENIX Security).","author":"Heelan S","year":"2018"},{"key":"e_1_3_2_2_16_1","unstructured":"Jann Horn. 2018. A cache invalidation bug in Linux memory management.(2018). https:\/\/googleprojectzero.blogspot.com\/2018\/09\/a-cache-invalidation-bug-in-linux.html.  Jann Horn. 2018. A cache invalidation bug in Linux memory management.(2018). https:\/\/googleprojectzero.blogspot.com\/2018\/09\/a-cache-invalidation-bug-in-linux.html."},{"key":"e_1_3_2_2_17_1","volume-title":"Proceedings of the 18th USENIX Security Symposium(USENIX Security).","author":"Hund Ralf"},{"key":"e_1_3_2_2_18_1","unstructured":"ianamason. 2019. Whole Program LLVM: wllvm ported to go. (2019). https:\/\/github.com\/SRI-CSL\/gllvm.  ianamason. 2019. Whole Program LLVM: wllvm ported to go. (2019). https:\/\/github.com\/SRI-CSL\/gllvm."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243739"},{"key":"e_1_3_2_2_20_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium(USENIX Security).","author":"Kemerlis Vasileios P."},{"key":"e_1_3_2_2_21_1","unstructured":"Andrey Konovalov. 2017. Exploiting the Linux kernel via packetsockets.(2017). https:\/\/googleprojectzero.blogspot.com\/2017\/05\/exploiting-linux-kernel-via-packet.html.  Andrey Konovalov. 2017. Exploiting the Linux kernel via packetsockets.(2017). https:\/\/googleprojectzero.blogspot.com\/2017\/05\/exploiting-linux-kernel-via-packet.html."},{"key":"e_1_3_2_2_22_1","unstructured":"Andrey Konovalov. 2017. A proof-of-concept local root exploit for CVE-2017--6074.(2017). https:\/\/github.com\/xairy\/kernel-exploits\/blob\/master\/CVE-2017--6074\/poc.c.  Andrey Konovalov. 2017. A proof-of-concept local root exploit for CVE-2017--6074.(2017). https:\/\/github.com\/xairy\/kernel-exploits\/blob\/master\/CVE-2017--6074\/poc.c."},{"key":"e_1_3_2_2_23_1","first-page":"2017","volume":"201","journal-title":"Lexfo."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23387"},{"key":"e_1_3_2_2_25_1","unstructured":"Matt Mackall. 2005. slob: introduce the SLOB allocator. (2005). https:\/\/lwn.net\/Articles\/157944\/.  Matt Mackall. 2005. slob: introduce the SLOB allocator. (2005). https:\/\/lwn.net\/Articles\/157944\/."},{"key":"e_1_3_2_2_26_1","unstructured":"Rohit Mothe and Rodrigo Rubira Branco. 2016. DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes. In Black Hat USA Briefings.  Rohit Mothe and Rodrigo Rubira Branco. 2016. DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes. In Black Hat USA Briefings."},{"key":"e_1_3_2_2_27_1","first-page":"2014","volume":"201","journal-title":"Vitaly Nikolenko."},{"key":"e_1_3_2_2_28_1","unstructured":"Jon Oberheide. 2010. Linux Kernel CAN SLUB Overflow. (2010). https:\/\/jon.oberheide.org\/blog\/2010\/09\/10\/linux-kernel-can-slub-overflow\/.  Jon Oberheide. 2010. Linux Kernel CAN SLUB Overflow. (2010). https:\/\/jon.oberheide.org\/blog\/2010\/09\/10\/linux-kernel-can-slub-overflow\/."},{"key":"e_1_3_2_2_29_1","volume-title":"Proceedings of the 27th USENIX Security Symposium(USENIX Security).","author":"Pailoor Shankara","year":"2018"},{"key":"e_1_3_2_2_30_1","unstructured":"Christopher M. Penalver. 2016. How to triage bugs. (2016). https:\/\/wiki.ubuntu.com\/Bugs\/Importance.  Christopher M. Penalver. 2016. How to triage bugs. (2016). https:\/\/wiki.ubuntu.com\/Bugs\/Importance."},{"key":"e_1_3_2_2_31_1","unstructured":"Enrico Perla and Massimiliano Oldani. 2010.A Guide to Kernel Exploitation. Elsevier.  Enrico Perla and Massimiliano Oldani. 2010.A Guide to Kernel Exploitation. Elsevier."},{"key":"e_1_3_2_2_32_1","first-page":"2017","volume":"201","journal-title":"Alexander Popov."},{"key":"e_1_3_2_2_33_1","unstructured":"Android Open Source Project. 2019. Common Android Kernel Tree. (2019). https:\/\/android.googlesource.com\/kernel\/common\/.  Android Open Source Project. 2019. Common Android Kernel Tree. (2019). https:\/\/android.googlesource.com\/kernel\/common\/."},{"key":"e_1_3_2_2_34_1","unstructured":"LLVM Project. 2019. LLVM 6.0.0 Release Notes. (2019). http:\/\/releases.llvm.org\/6.0.0\/docs\/ReleaseNotes.html.  LLVM Project. 2019. LLVM 6.0.0 Release Notes. (2019). http:\/\/releases.llvm.org\/6.0.0\/docs\/ReleaseNotes.html."},{"key":"e_1_3_2_2_35_1","volume-title":"Modular Synthesis of Heap Exploits. In ACM SIGSAC Workshop on Programming Languages and Analysis for Security(PLAS).","author":"Repel Dusan","year":"2017"},{"key":"e_1_3_2_2_36_1","unstructured":"Steven Rostedt. 2009. Debugging the kernel using Ftrace. (2009). https:\/\/lwn.net\/Articles\/365835\/.  Steven Rostedt. 2009. Debugging the kernel using Ftrace. (2009). https:\/\/lwn.net\/Articles\/365835\/."},{"key":"e_1_3_2_2_37_1","unstructured":"Chris Salls. 2017. Exploiting CVE-2017--5123 with full protections. SMEP SMAP and the Chrome Sandbox!(2017). https:\/\/salls.github.io\/Linux-Kernel-CVE-2017--5123\/.  Chris Salls. 2017. Exploiting CVE-2017--5123 with full protections. SMEP SMAP and the Chrome Sandbox!(2017). https:\/\/salls.github.io\/Linux-Kernel-CVE-2017--5123\/."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_2_40_1","volume-title":"https:\/\/www.gnu.org\/software\/gdb\/","author":"Stallman Richard M.","year":"2019"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_2_42_1","unstructured":"Dmitry Vyukov. 2018. syzbot and the tale of thousand kernel bugs. (2018). https:\/\/events.linuxfoundation.org\/wp-content\/uploads\/2017\/11\/Syzbot-and-the-Tale-of-Thousand-Kernel-Bugs-Dmitry-Vyukov-Google.pdf.  Dmitry Vyukov. 2018. syzbot and the tale of thousand kernel bugs. (2018). https:\/\/events.linuxfoundation.org\/wp-content\/uploads\/2017\/11\/Syzbot-and-the-Tale-of-Thousand-Kernel-Bugs-Dmitry-Vyukov-Google.pdf."},{"key":"e_1_3_2_2_43_1","volume-title":"Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation(OSDI).","author":"Wang Xi"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243847"},{"key":"e_1_3_2_2_45_1","volume-title":"Proceedings of the 28th USENIX Security Symposium(USENIX Security).","author":"Wu Wei","year":"2019"},{"key":"e_1_3_2_2_46_1","volume-title":"Proceedings of the 27th USENIX Security Symposium(USENIX Security).","author":"Wu Wei","year":"2018"},{"key":"e_1_3_2_2_47_1","unstructured":"ww9210. 2019. exploit code for a bpf heap overflow vulnerability. (2019). https:\/\/github.com\/ww9210\/kernel4.20_bpf_LPE.  ww9210. 2019. exploit code for a bpf heap overflow vulnerability. (2019). https:\/\/github.com\/ww9210\/kernel4.20_bpf_LPE."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813637"},{"key":"e_1_3_2_2_49_1","unstructured":"Masahiro Yamada and Jani Nikula. 2019. kcov:code coverage for fuzzing. (2019). https:\/\/github.com\/torvalds\/linux\/blob\/master\/Documentation\/dev-tools\/kcov.rst.  Masahiro Yamada and Jani Nikula. 2019. kcov:code coverage for fuzzing. (2019). https:\/\/github.com\/torvalds\/linux\/blob\/master\/Documentation\/dev-tools\/kcov.rst."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363212","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363212","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363212","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:32Z","timestamp":1750203872000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363212"}},"subtitle":["Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":50,"alternative-id":["10.1145\/3319535.3363212","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3363212","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}