Reversemode
BYTES & WORDS
Exploiting Common Flaws in Drivers
Written by Rubén
Wednesday, 11 July 2007

Introduction

The number of vulnerabilities in drivers has increased dramatically; for instance, Reversemode has publicly disclosed approximately 10 advisories related to driver vulnerabilities in the previous 12 months [1].

Despite the fact that there are various resources on driver exploitation [2] [3] [4] [5], there is still a lack of documentation about how to exploit an arbitrary kernel address overwrite. Even though this is the most common flaw, it is sometimes not clear whether or not the flaw allows arbitrary code execution within the kernel context.

Anyway, if you manage to modify even just one bit at a controlled kernel address, you will likely have the chance to work out the proper path to execute your own ring0 code.

This paper discusses our approach for exploiting common device driver flaws.

This is the initial release of the paper; it will be updated to add further methods. The paper does not contain any vulnerability, only exploitation techniques.

Download  "Exploiting Common Flaws in Drivers"

Last Updated ( Wednesday, 18 July 2007 )