{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:40:10Z","timestamp":1755844810599,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":117,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2238467,CNS-2104148,CNS-1749895"],"award-info":[{"award-number":["CNS-2238467,CNS-2104148,CNS-1749895"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670279","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"1345-1359","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Safeslab: Mitigating Use-After-Free Vulnerabilities via Memory Protection Keys"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-3389-9837","authenticated-orcid":false,"given":"Marius","family":"Momeu","sequence":"first","affiliation":[{"name":"Technical University of Munich & Brown University, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-0740-6495","authenticated-orcid":false,"given":"Simon","family":"Schn\u00fcckel","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, 
Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1277-4646","authenticated-orcid":false,"given":"Kai","family":"Angnis","sequence":"additional","affiliation":[{"name":"Technical University of Munich, Munich, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3106-0343","authenticated-orcid":false,"given":"Michalis","family":"Polychronakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6528-437X","authenticated-orcid":false,"given":"Vasileios P.","family":"Kemerlis","sequence":"additional","affiliation":[{"name":"Brown University, Providence, RI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"volume-title":"MarkUs: Drop-In Use-After-Free Prevention for Low-Level Languages. In IEEE Symposium on Security and Privacy (S&P). 578--591","author":"Ainsworth Sam","key":"e_1_3_2_1_1_1","unstructured":"Sam Ainsworth and Timothy M. Jones. 2020. MarkUs: Drop-In Use-After-Free Prevention for Low-Level Languages. In IEEE Symposium on Security and Privacy (S&P). 578--591."},{"key":"e_1_3_2_1_2_1","unstructured":"Alejandro Guerrero. 2022. N-day Exploit for CVE-2022--2586: Linux Kernel textttnft_object UAF. https:\/\/www.openwall.com\/lists\/oss-security\/2022\/08\/29\/5."},{"key":"e_1_3_2_1_3_1","unstructured":"Alexander Popov. 2017. Race for Root: Analysis of the Linux Kernel Race Condition Exploit. https:\/\/program.sha2017.org\/system\/event_attachments\/attachments\/000\/000\/111\/original\/a13xp0p0v_race_for_root_SHA2017.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"Alexander Popov. 2019. CVE-2019--18683: Exploiting a Linux Kernel Vulnerability in the V4L2 Subsystem. 
https:\/\/a13xp0p0v.github.io\/2020\/02\/15\/CVE-2019--18683.html."},{"key":"e_1_3_2_1_5_1","unstructured":"Alexander Popov. 2021. Four Bytes of Power: Exploiting CVE-2021--26708 in the Linux kernel. https:\/\/a13xp0p0v.github.io\/2021\/02\/09\/CVE-2021--26708.html."},{"key":"e_1_3_2_1_6_1","unstructured":"Andrey Konovalov. 2017. CVE-2016--2384: Exploiting a double-free in the Linux kernel USB MIDI driver. https:\/\/xairy.io\/articles\/cve-2016--2384."},{"key":"e_1_3_2_1_7_1","unstructured":"Andrey Konovalov. 2017. CVE-2017--6074: Exploiting a Double-Free in the Linux Kernel DCCP Sockets. https:\/\/xairy.io\/articles\/cve-2017--6074."},{"key":"e_1_3_2_1_8_1","unstructured":"Awarau and pql. 2022. CVE-2022--29582: An textttio_uring Vulnerability. https:\/\/ruia-ruia.github.io\/2022\/08\/05\/CVE-2022--29582-io-uring\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Joe Bialek Ken Johnson Matt Miller and Tony Chen. 2020. Security Analysis of Memory Tagging. https:\/\/github.com\/microsoft\/MSRC-Security-Research\/blob\/master\/papers\/2020\/Security analysis of memory tagging.pdf."},{"key":"e_1_3_2_1_10_1","volume-title":"MPKAlloc: Efficient Heap Meta-data Integrity Through Hardware Memory Protection Keys. In International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). 136--155","author":"Blair William","year":"2022","unstructured":"William Blair, William Robertson, and Manuel Egele. 2022. MPKAlloc: Efficient Heap Meta-data Integrity Through Hardware Memory Protection Keys. In International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). 136--155."},{"key":"e_1_3_2_1_11_1","volume-title":"Mostly Parallel Garbage Collection. In ACM Conference on Programming Language Design and Implementation (PLDI). 157--164","author":"Boehm J","year":"1991","unstructured":"Hans-J Boehm, Alan J Demers, and Scott Shenker. 1991. Mostly Parallel Garbage Collection. 
In ACM Conference on Programming Language Design and Implementation (PLDI). 157--164."},{"key":"e_1_3_2_1_12_1","volume-title":"The Slab Allocator: An Object-Caching Kernel Memory Allocator. In USENIX Summer Technical Conference. 87--98","author":"Bonwick Jeff","year":"1994","unstructured":"Jeff Bonwick. 1994. The Slab Allocator: An Object-Caching Kernel Memory Allocator. In USENIX Summer Technical Conference. 87--98."},{"key":"e_1_3_2_1_13_1","volume-title":"Bovet and Marco Cesati","author":"Daniel","year":"2005","unstructured":"Daniel P. Bovet and Marco Cesati. 2005. Understanding the Linux Kernel. 294--350."},{"key":"e_1_3_2_1_14_1","volume-title":"USENIX Security Symposium (SEC). 249--266","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A Systematic Evaluation of Transient Execution Attacks and Defenses. In USENIX Security Symposium (SEC). 249--266."},{"key":"e_1_3_2_1_15_1","volume-title":"SETTLERS OF NETLINK: Exploiting a Limited UAF in textttnf_tables (CVE-2022--32250). https:\/\/research.nccgroup.com\/2022\/09\/01\/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022--32250\/.","author":"Halbronn Cedric","year":"2022","unstructured":"Cedric Halbronn. 2022. SETTLERS OF NETLINK: Exploiting a Limited UAF in textttnf_tables (CVE-2022--32250). https:\/\/research.nccgroup.com\/2022\/09\/01\/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022--32250\/."},{"key":"e_1_3_2_1_16_1","unstructured":"Silvio Cesare. 2020. An Analysis of Linux Kernel Heap Hardening. https:\/\/blog.infosectcbr.com.au\/2020\/04\/an-analysis-of-linux-kernel-heap.html."},{"key":"e_1_3_2_1_17_1","unstructured":"Silvio Cesare. 2020. Bit Flipping Attacks Against Free List Pointer Obfuscation. 
https:\/\/blog.infosectcbr.com.au\/2020\/04\/bit-flipping-attacks-against-free-list.html."},{"key":"e_1_3_2_1_18_1","unstructured":"Silvio Cesare. 2020. Weaknesses in Linux Kernel Heap Hardening. https:\/\/blog.infosectcbr.com.au\/2020\/03\/weaknesses-in-linux-kernel-heap.html."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423353"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363212"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Haehyun Cho Jinbum Park Adam Oest Tiffany Bao Ruoyu Wang Yan Shoshitaishvili Adam Doup\u00e9 and Gail-Joon Ahn. 2022. ViK: Practical Mitigation of Temporal Memory Safety Violations Through Object ID Inspection. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 271--284.","DOI":"10.1145\/3503222.3507780"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3590330"},{"key":"e_1_3_2_1_23_1","volume-title":"PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In USENIX Security Symposium (SEC). 1409--1426","author":"Connor R Joseph","year":"2020","unstructured":"R Joseph Connor, Tyler McDaniel, Jared M Smith, and Max Schuchard. 2020. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In USENIX Security Symposium (SEC). 1409--1426."},{"key":"e_1_3_2_1_24_1","unstructured":"Jonathan Corbet. 2020. Memory protection keys for the kernel. https:\/\/lwn.net\/Articles\/826554\/."},{"volume-title":"Linux Device Drivers","author":"Corbet Jonathan","key":"e_1_3_2_1_25_1","unstructured":"Jonathan Corbet and Alessandro Rubini. 2001. Linux Device Drivers, Second Edition. https:\/\/www.oreilly.com\/library\/view\/linux-device-drivers\/0596000081\/ch07s04.html."},{"key":"e_1_3_2_1_26_1","volume-title":"Understanding Linux Malware. In IEEE Symposium on Security and Privacy (S&P). 
IEEE, 161--175","author":"Cozzi Emanuele","year":"2018","unstructured":"Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, and Davide Balzarotti. 2018. Understanding Linux Malware. In IEEE Symposium on Security and Privacy (S&P). IEEE, 161--175."},{"key":"e_1_3_2_1_27_1","volume-title":"Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers. In USENIX Security Symposium (SEC). 815--832","author":"Dang Thurston HY","year":"2017","unstructured":"Thurston HY Dang, Petros Maniatis, and David Wagner. 2017. Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers. In USENIX Security Symposium (SEC). 815--832."},{"key":"e_1_3_2_1_28_1","unstructured":"Stephane Eranian Eric Gouriou Tipp Moseley and Willem de Bruijn. 2024. Linux Kernel Profiling with textttperf. https:\/\/perf.wiki.kernel.org\/index.php\/Tutorial."},{"key":"e_1_3_2_1_29_1","volume-title":"Drop-In Use-After-Free Prevention. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 212--225","author":"ErdHos M\u00e1rton","year":"2022","unstructured":"M\u00e1rton ErdHos, Sam Ainsworth, and Timothy M Jones. 2022. MineSweeper: a \u201cClean Sweep\u201d for Drop-In Use-After-Free Prevention. In ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 212--225."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Security Symposium (SEC). 1037--1054","author":"Farkhani Reza Mirzazade","year":"2021","unstructured":"Reza Mirzazade Farkhani, Mansour Ahmadi, and Long Lu. 2021. PTAuth: Temporal Memory Safety via Robust Points-to Authentication. In USENIX Security Symposium (SEC). 1037--1054."},{"key":"e_1_3_2_1_31_1","unstructured":"Flat Security Inc. 2021. CVE-2021--20226: A Reference Counting Bug which Leads to Local Privilege Escalation in textttio_uring. 
https:\/\/flattsecurity.medium.com\/cve-2021--20226-a-reference-counting-bug-which-leads-to-local-privilege-escalation-in-io-uring-e946bd69177a."},{"volume-title":"FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 527--546","author":"Gaidis Alexander J","key":"e_1_3_2_1_32_1","unstructured":"Alexander J Gaidis, Joao Moreira, Ke Sun, Alyssa Milburn, Vaggelis Atlidakis, and Vasileios P. Kemerlis. 2023. FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 527--546."},{"key":"e_1_3_2_1_33_1","unstructured":"GNU libc. 2024. textttmalloc. http:\/\/man7.org\/linux\/man-pages\/man3\/malloc.3.html."},{"key":"e_1_3_2_1_34_1","unstructured":"Google. 2024. PartitionAlloc Design. https:\/\/chromium.googlesource.com\/chromium\/src\/\/master\/base\/allocator\/partition_allocator\/PartitionAlloc.md."},{"key":"e_1_3_2_1_35_1","unstructured":"Google Project. 2018. A Cache Invalidation Bug in Linux Memory Management. https:\/\/googleprojectzero.blogspot.com\/2018\/09\/a-cache-invalidation-bug-in-linux.html."},{"key":"e_1_3_2_1_36_1","unstructured":"Google Security Research. 2023. CVE-2023-0461. https:\/\/github.com\/google\/security-research\/tree\/master\/pocs\/linux\/kernelctf\/CVE-2023-0461_mitigation\/docs."},{"key":"e_1_3_2_1_37_1","unstructured":"Google Security Research. 2023. CVE-2023--3390. https:\/\/github.com\/google\/security-research\/tree\/master\/pocs\/linux\/kernelctf\/CVE-2023--3390_lts_cos_mitigation\/docs."},{"key":"e_1_3_2_1_38_1","unstructured":"Google Security Research. 2023. CVE-2023--3390_lts_cos_mitigation. 
https:\/\/github.com\/google\/security-research\/blob\/master\/pocs\/linux\/kernelctf\/CVE-2023--3390_lts_cos_mitigation\/docs\/exploit.md."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560625"},{"key":"e_1_3_2_1_40_1","volume-title":"Fast Intra-kernel Isolation and Security with IskiOS. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 119--134","author":"Gravani Spyridoula","year":"2021","unstructured":"Spyridoula Gravani, Mohammad Hedayati, John Criswell, and Michael L Scott. 2021. Fast Intra-kernel Isolation and Security with IskiOS. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 119--134."},{"key":"e_1_3_2_1_41_1","unstructured":"GRIMM Cyber. 2021. New Old Bugs in the Linux Kernel. https:\/\/blog.grimm-co.com\/2021\/03\/new-old-bugs-in-linux-kernel.html."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Daniel Gruss Moritz Lipp Michael Schwarz Richard Fellner Cl\u00e9mentine Maurice and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. In Engineering Secure Software and Systems (ESSoS). 161--176.","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"e_1_3_2_1_43_1","volume-title":"Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication. In USENIX Annual Technical Conference (ATC). 401--417","author":"Gu Jinyu","year":"2020","unstructured":"Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, and Haibo Chen. 2020. Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication. In USENIX Annual Technical Conference (ATC). 401--417."},{"key":"e_1_3_2_1_44_1","unstructured":"Hardened Linux. 2016. Exploiting on CVE-2016--6787. 
https:\/\/hardenedlinux.github.io\/system-security\/2017\/10\/16\/Exploiting-on-CVE-2016--6787.html."},{"key":"e_1_3_2_1_45_1","volume-title":"Hodor: Intra-process Isolation for High-throughput Data Plane Libraries. In USENIX Annual Technical Conference (ATC). 489--504","author":"Hedayati Mohammad","year":"2019","unstructured":"Mohammad Hedayati, Spyridoula Gravani, Ethan Johnson, John Criswell, Michael L Scott, Kai Shen, and Mike Marty. 2019. Hodor: Intra-process Isolation for High-throughput Data Plane Libraries. In USENIX Annual Technical Conference (ATC). 489--504."},{"key":"e_1_3_2_1_46_1","unstructured":"Jann Horn. 2022. textttMITIGATION_README. https:\/\/github.com\/thejh\/linux\/blob\/slub-virtual\/MITIGATION_README."},{"key":"e_1_3_2_1_47_1","unstructured":"Apple Inc. 2022. Towards the next generation of XNU memory safety: textttkalloc_type. https:\/\/security.apple.com\/blog\/towards-the-next-generation-of-xnu-memory-safety\/."},{"key":"e_1_3_2_1_48_1","unstructured":"Intel. 2024. Intel\u00ae 64 and IA-32 Architectures Software Developer's Manual. https:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/671200."},{"key":"e_1_3_2_1_49_1","unstructured":"iovisor. 2024. BPF Compiler Collection (BCC). https:\/\/github.com\/iovisor\/bcc."},{"key":"e_1_3_2_1_50_1","unstructured":"Jann Horn. 2020. Mitigating (Some) Use-After-Frees in the Linux Kernel. https:\/\/lssna2020.sched.com\/event\/c74I\/mitigating-some-use-after-frees-in-the-linux-kernel-jann-horn-google."},{"key":"e_1_3_2_1_51_1","unstructured":"javierprtd Blog. 2020. CVE-2020--27786 Exploitation: textttuserfaultfd Patching textttfile struct \/etc\/passwd. https:\/\/soez.github.io\/posts\/CVE-2020--27786-exploitation-userfaultfd--patching-file-struct-etc-passwd\/."},{"key":"e_1_3_2_1_52_1","unstructured":"jemalloc. 2024. jemalloc. https:\/\/jemalloc.net."},{"volume-title":"EPF: Evil Packet Filter. In USENIX Annual Technical Conference (ATC). 
735--751","author":"Jin Di","key":"e_1_3_2_1_53_1","unstructured":"Di Jin, Vaggelis Atlidakis, and Vasileios P. Kemerlis. 2023. EPF: Evil Packet Filter. In USENIX Annual Technical Conference (ATC). 735--751."},{"volume-title":"USENIX Security Symposium (SEC).","author":"Jin Di","key":"e_1_3_2_1_54_1","unstructured":"Di Jin, Alexander J Gaidis, and Vasileios P. Kemerlis. 2024. BeeBox: Hardening BPF against Transient Execution Attacks. In USENIX Security Symposium (SEC)."},{"key":"e_1_3_2_1_55_1","unstructured":"Jonathan Corbet. 2017. Hardened Usercopy Whitelisting. https:\/\/lwn.net\/Articles\/727322\/."},{"key":"e_1_3_2_1_56_1","unstructured":"Jonathan Corbet. 2020. The Rapid Growth of textttio_uring. https:\/\/lwn.net\/Articles\/810414\/."},{"volume-title":"USENIX Security Symposium (SEC). 957--972","author":"Kemerlis Vasileios P.","key":"e_1_3_2_1_57_1","unstructured":"Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. 2014. ret2dir: Rethinking Kernel Isolation. In USENIX Security Symposium (SEC). 957--972."},{"key":"e_1_3_2_1_58_1","unstructured":"The Linux Kernel. 2024. Page Table Isolation (PTI). https:\/\/www.kernel.org\/doc\/html\/latest\/x86\/pti.html."},{"key":"e_1_3_2_1_59_1","unstructured":"The Linux Kernel. 2024. Physical Memory Model. https:\/\/docs.kernel.org\/mm\/memory-model.html."},{"key":"e_1_3_2_1_60_1","volume-title":"A Fast Storage Allocator. Commun. ACM","author":"Knowlton Kenneth C","year":"1965","unstructured":"Kenneth C Knowlton. 1965. A Fast Storage Allocator. Commun. ACM (1965), 623--624."},{"key":"e_1_3_2_1_61_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In IEEE Symposium on Security and Privacy (S&P). 1--19","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. 
In IEEE Symposium on Security and Privacy (S&P). 1--19."},{"key":"e_1_3_2_1_62_1","unstructured":"Mathias Krause. 2022. Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse. https:\/\/grsecurity.net\/exploiting_and_defending_against_same_type_object_reuse."},{"key":"e_1_3_2_1_63_1","unstructured":"kylebot's Blog. 2022. [CVE-2022--1786] A Journey To The Dawn. https:\/\/blog.kylebot.net\/2022\/10\/16\/CVE-2022--1786\/."},{"key":"e_1_3_2_1_64_1","unstructured":"Lam Jun Rong. 2022. textttio_uring -- New Code New Bugs and a New Exploit Technique. https:\/\/www.starlabs.sg\/blog\/2022\/06-io_uring-new-code-new-bugs-and-a-new-exploit-technique\/."},{"key":"e_1_3_2_1_65_1","unstructured":"Christoph Lameter. 2014. Slab Allocators in the Linux Kernel: textttSLAB textttSLOB textttSLUB. https:\/\/events.static.linuxfound.org\/sites\/events\/files\/slides\/slaballocators.pdf."},{"key":"e_1_3_2_1_66_1","volume-title":"Preventing Use-After-Free With Dangling Pointers Nullification. In Network and Distributed System Security Symposium (NDSS).","author":"Lee Byoungyoung","year":"2015","unstructured":"Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee. 2015. Preventing Use-After-Free With Dangling Pointers Nullification. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560585"},{"key":"e_1_3_2_1_68_1","unstructured":"Lin Ma. 2021. Blue Klotski (CVE-2021--3573) and the Story for Fixing. https:\/\/f0rm2l1n.github.io\/2021-07--23-Blue-Klotski\/."},{"key":"e_1_3_2_1_69_1","volume-title":"Meltdown: Reading Kernel Memory From User Space. In USENIX Security Symposium (SEC). 973--990","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. 
Meltdown: Reading Kernel Memory From User Space. In USENIX Security Symposium (SEC). 973--990."},{"key":"e_1_3_2_1_70_1","unstructured":"Lizzie Dixon. 2017. Notes about CVE-2016--7117. https:\/\/blog.lizzie.io\/notes-about-cve-2016--7117.html."},{"key":"e_1_3_2_1_71_1","volume-title":"DOPE: DOmain Protection Enforcement with PKS. In Annual Computer Security Applications Conference (ACSAC). 662--676","author":"Maar Lukas","year":"2023","unstructured":"Lukas Maar, Martin Schwarzl, Fabian Rauscher, Daniel Gruss, and Stefan Mangard. 2023. DOPE: DOmain Protection Enforcement with PKS. In Annual Computer Security Applications Conference (ACSAC). 662--676."},{"key":"e_1_3_2_1_72_1","unstructured":"Maxime Peterlin and Philip Pettersson and Alexandre Adamski and Alex Radocea. 2020. Exploiting a Single Instruction Race Condition in Binder. https:\/\/www.longterm.io\/cve-2020-0423.html."},{"key":"e_1_3_2_1_73_1","volume-title":"USENIX Annual Technical Conference (ATC). 279--294","author":"McVoy Larry W","year":"1996","unstructured":"Larry W McVoy and Carl Staelin. 1996. lmbench: Portable Tools for Performance Analysis. In USENIX Annual Technical Conference (ATC). 279--294."},{"volume-title":"ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels. In ACM ASIA Conference on Computer and Communications Security (ASIA CCS).","author":"Momeu Marius","key":"e_1_3_2_1_74_1","unstructured":"Marius Momeu, Fabian Kilger, Christopher Roemheld, Simon Schn\u00fcckel, Sergej Proskurin, Michalis Polychronakis, and Vasileios P. Kemerlis. 2024. ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels. In ACM ASIA Conference on Computer and Communications Security (ASIA CCS)."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"e_1_3_2_1_76_1","volume-title":"Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities. 
In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 47--62","author":"Nguyen Manh-Dung","year":"2020","unstructured":"Manh-Dung Nguyen, S\u00e9bastien Bardin, Richard Bonichon, Roland Groz, and Matthieu Lemerre. 2020. Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 47--62."},{"key":"e_1_3_2_1_77_1","unstructured":"Vitaly Nikolenko. 2016. CVE-2016--6187: Exploiting Linux Kernel Heap Off-by-One. https:\/\/duasynt.com\/blog\/cve-2016--6187-heap-off-by-one-exploit."},{"volume-title":"DieHarder: Securing the Heap. In ACM Conference on Computer and Communications Security (CCS). 573--584","author":"Novark Gene","key":"e_1_3_2_1_78_1","unstructured":"Gene Novark and Emery D. Berger. 2010. DieHarder: Securing the Heap. In ACM Conference on Computer and Communications Security (CCS). 573--584."},{"key":"e_1_3_2_1_79_1","volume-title":"USENIX Annual Technical Conference (ATC). 241--254","author":"Park Soyeon","year":"2019","unstructured":"Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim. 2019. libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK). In USENIX Annual Technical Conference (ATC). 241--254."},{"key":"e_1_3_2_1_80_1","unstructured":"Patryk Sondej and Piotr Krysiuk. 2023. CVE-2023--32233: Privilege Escalation in Linux Kernel due to a netfilter textttnf_tables Vulnerability. https:\/\/www.tarlogic.com\/blog\/cve-2023--32233-vulnerability\/."},{"key":"e_1_3_2_1_81_1","unstructured":"Alexander Popov. 2017. Race for Root: The Analysis Of the Linux Kernel Race Condition Exploit. https:\/\/media.ccc.de\/v\/SHA2017--295-race_for_root_the_analysis_of_the_linux_kernel_race_condition_exploit."},{"key":"e_1_3_2_1_82_1","unstructured":"Alexander Popov. 2020. Linux Kernel Heap Quarantine Versus Use-After-Free Exploits. 
https:\/\/a13xp0p0v.github.io\/2020\/11\/30\/slab-quarantine.html."},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00041"},{"key":"e_1_3_2_1_84_1","unstructured":"PTS. 2024. Phoronix Test Suite. https:\/\/www.phoronix-test-suite.com."},{"key":"e_1_3_2_1_85_1","unstructured":"Querijn Voet. 2023. CVE-2023--3389 -- LinkedPoll. https:\/\/qyn.app\/posts\/CVE-2023--3389\/."},{"key":"e_1_3_2_1_86_1","unstructured":"Ruihan Li. 2023. StackRot (CVE-2023--3269): Linux Kernel Privilege Escalation Vulnerability. https:\/\/github.com\/lrh2000\/StackRot."},{"key":"e_1_3_2_1_87_1","volume-title":"Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In USENIX Security Symposium (SEC). 936--952","author":"Schrammel David","year":"2022","unstructured":"David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard. 2022. Jenny: Securing Syscalls for PKU-based Memory Isolation Systems. In USENIX Security Symposium (SEC). 936--952."},{"key":"e_1_3_2_1_88_1","unstructured":"SecWiki. 2020. Linux Kernel Exploits. https:\/\/github.com\/SecWiki\/linux-kernel-exploits."},{"key":"e_1_3_2_1_89_1","unstructured":"SecWiki. 2021. Windows Kernel Exploits. https:\/\/github.com\/SecWiki\/windows-kernel-exploits."},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23541"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133957"},{"key":"e_1_3_2_1_92_1","volume-title":"Guarder: A Tunable Secure Allocator. In USENIX Security Symposium (SEC). 117--133","author":"Silvestro Sam","year":"2018","unstructured":"Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. 2018. Guarder: A Tunable Secure Allocator. In USENIX Security Symposium (SEC). 117--133."},{"key":"e_1_3_2_1_93_1","volume-title":"Intra-unikernel Isolation with Intel Memory Protection Keys. In ACM International Conference on Virtual Execution Environments (VEE). 
143--156","author":"Sung Mincheol","year":"2020","unstructured":"Mincheol Sung, Pierre Olivier, Stefan Lankes, and Binoy Ravindran. 2020. Intra-unikernel Isolation with Intel Memory Protection Keys. In ACM International Conference on Virtual Execution Environments (VEE). 143--156."},{"key":"e_1_3_2_1_94_1","unstructured":"The Linux Kernel. 2024. Memory Protection Keys. https:\/\/www.kernel.org\/doc\/html\/latest\/core-api\/protection-keys.html."},{"key":"e_1_3_2_1_95_1","unstructured":"The Linux Kernel. 2024. Unaligned Memory Accesses. https:\/\/www.kernel.org\/doc\/html\/next\/core-api\/unaligned-memory-access.html."},{"key":"e_1_3_2_1_96_1","unstructured":"Theori Vulnerability Research. 2022. Linux Kernel Exploit (CVE-2022--32250) with textttmqueue. https:\/\/blog.theori.io\/linux-kernel-exploit-cve-2022--32250-with-mqueue-a8468f32aab5."},{"key":"e_1_3_2_1_97_1","volume-title":"USENIX Security Symposium (SEC). 1221--1238","author":"Vahldiek-Oberwagner Anjo","year":"2019","unstructured":"Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-Process Isolation with Protection Keys (MPK). In USENIX Security Symposium (SEC). 1221--1238."},{"key":"e_1_3_2_1_98_1","unstructured":"Valentina Palmiotti. 2022. Put an io_uring on it: Exploiting the Linux Kernel. https:\/\/www.graplsecurity.com\/post\/iou-ring-exploiting-the-linux-kernel."},{"key":"e_1_3_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274705"},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3064176.3064211"},{"key":"e_1_3_2_1_101_1","unstructured":"Vincent Dehors. 2021. Exploitation of a Double Free Vulnerability in Ubuntu textttshiftfs Driver (CVE-2021--3492). https:\/\/www.synacktiv.com\/publications\/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021--3492.html."},{"key":"e_1_3_2_1_102_1","volume-title":"European Conference on Computer Systems (EuroSys). 
266--282","author":"Voulimeneas Alexios","year":"2022","unstructured":"Alexios Voulimeneas, Jonas Vinck, Ruben Mechelinck, and Stijn Volckaert. 2022. You Shall Not (by)Pass! Practical, Secure, and Fast PKU-based Sandboxing. In European Conference on Computer Systems (EuroSys). 266--282."},{"key":"e_1_3_2_1_103_1","unstructured":"Vu Thi Lan. 2023. Breaking the Code -- Exploiting and Examining CVE-2023--1829 in textttcls_tcindex Classifier Vulnerability. https:\/\/starlabs.sg\/blog\/2023\/06-breaking-the-code-exploiting-and-examining-cve-2023--1829-in-cls_tcindex-classifier-vulnerability\/."},{"key":"e_1_3_2_1_104_1","unstructured":"Wang Yong. 2019. From Zero to Root: Building Universal Android Rooting with a Type Confusion Vulnerability. https:\/\/github.com\/ThomasKing2014\/slides\/blob\/master\/Building%20universal%20Android%20rooting%20with%20a%20type%20confusion%20vulnerability.pdf."},{"key":"e_1_3_2_1_105_1","volume-title":"CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. In IEEE Symposium on Security and Privacy (S&P). 20--37","author":"Watson Robert N.M.","year":"2015","unstructured":"Robert N.M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. 2015. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. In IEEE Symposium on Security and Privacy (S&P). 20--37."},{"key":"e_1_3_2_1_106_1","volume-title":"Preventing Use-After-Free Attacks with Fast Forward Allocation. In USENIX Security Symposium (SEC). 2453--2470","author":"Wickman Brian","year":"2021","unstructured":"Brian Wickman, Hong Hu, Insu Yun, DaeHee Jang, JungWon Lim, Sanidhya Kashyap, and Taesoo Kim. 2021. Preventing Use-After-Free Attacks with Fast Forward Allocation. In USENIX Security Symposium (SEC). 
2453--2470."},{"key":"e_1_3_2_1_107_1","unstructured":"Wolfram Gloger. 2006. textttptmalloc. http:\/\/www.malloc.de\/en\/."},{"key":"e_1_3_2_1_108_1","volume-title":"Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel. https:\/\/yanglingxi1993.github.io\/dirty_pagetable\/dirty_pagetable.html.","author":"Wu Nicolas","year":"2024","unstructured":"Nicolas Wu. 2024. Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel. https:\/\/yanglingxi1993.github.io\/dirty_pagetable\/dirty_pagetable.html."},{"key":"e_1_3_2_1_109_1","volume-title":"FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security Symposium (SEC). 781--797","author":"Wu Wei","year":"2018","unstructured":"Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In USENIX Security Symposium (SEC). 781--797."},{"key":"e_1_3_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559344"},{"key":"e_1_3_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442479"},{"key":"e_1_3_2_1_112_1","volume-title":"KRACE: Data Race Fuzzing for Kernel File Systems. In IEEE Symposium on Security and Privacy (S&P). 1643--1660","author":"Xu Meng","year":"2020","unstructured":"Meng Xu, Sanidhya Kashyap, Hanqing Zhao, and Taesoo Kim. 2020. KRACE: Data Race Fuzzing for Kernel File Systems. In IEEE Symposium on Security and Privacy (S&P). 1643--1660."},{"key":"e_1_3_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23190"},{"key":"e_1_3_2_1_114_1","volume-title":"USENIX Security Symposium (SEC). 71--88","author":"Zeng Kyle","year":"2022","unstructured":"Kyle Zeng, Yueqi Chen, Haehyun Cho, Xinyu Xing, Adam Doup\u00e9, Yan Shoshitaishvili, and Tiffany Bao. 2022. Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability. In USENIX Security Symposium (SEC). 
71--88."},{"key":"e_1_3_2_1_115_1","unstructured":"Google Project Zero. 2022. The More You Know The More You Know You Don't Know. https:\/\/googleprojectzero.blogspot.com\/2022\/04\/the-more-you-know-more-you-know-you.html."},{"key":"e_1_3_2_1_116_1","unstructured":"Zhenpeng Lin. 2023. Bad textttio_uring: A New Era of Rooting for Android. https:\/\/i.blackhat.com\/BH-US-23\/Presentations\/US-23-Lin-bad_io_uring.pdf."},{"key":"e_1_3_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1145\/3586038"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670279","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670279","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:00:34Z","timestamp":1755842434000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670279"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":117,"alternative-id":["10.1145\/3658644.3670279","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670279","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}