A survey of the double‐fetch vulnerabilities
Author(s) - Wang Pengfei, Lu Kai, Li Gen, Zhou Xu
Publication year - 2017
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4345
Subject(s) - fetch, computer science, concurrency, vulnerability (computing), consistency (knowledge bases), computer security, distributed computing, artificial intelligence, oceanography, geology
Summary - Race conditions widely exist in concurrent programs, and concurrency errors caused by harmful races could lead to severe system failures. A double fetch is a typical situation when the system kernel inevitably accesses user space data multiple times, and it turns into a vulnerability when the data consistency is violated under a special race condition between kernel and user space. In this survey, we present the first (to the best of our knowledge) comprehensive study on double‐fetch vulnerabilities in the real world. Our study is based on the investigation of 91 real‐world double‐fetch vulnerabilities collected from the CVE database and other relevant reports, which covers a recent period of 12 years. Our work reveals some interesting findings on the double‐fetch vulnerabilities, ranging from the various occurrences across different kernels and system levels to the involvement of specific patterns. We also divide the consequences that are usually caused by the double‐fetch vulnerabilities into four categories and discuss each, summarize viable exploitation techniques from existing works, and provide useful guidance to detect and practical strategies to prevent double‐fetch vulnerabilities.