A kernel race condition vulnerability is difficult to exploit because thread interleaving is non-deterministic and cannot be controlled. Conventional exploitation techniques against kernel races therefore simply brute force, i.e., they keep triggering the race in the hope that the threads happen to execute in the racing order. However, we observed that many kernel races, including three recent Linux kernel race vulnerabilities, cannot be exploited through brute forcing, because the chance to race is virtually zero.
By Yoochan Lee, Byoungyoung Lee, Changwoo Min
Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#exploiting-kernel-races-through-taming-thread-interleaving-20223