By employing a timing side channel while exploiting the heap vulnerabilities, which essentially allow attackers to manipulate the kernel’s memory allocation process, the researchers were able to pinpoint the exact moment of memory allocation and de-allocation, making the determination of frequently used caches extremely accurate.
These caches are then shown to be reallocated to allow attackers to manipulate the page table and read and write any memory allocation. SLUBStick can work with at least nine existing exploitations, including CVE-2023-21400, CVE-2023-3609, CVE-2022-32250, CVE-2022-29582, CVE-2022-27666, CVE-2022-2588, CVE-2022-0995, CVE-2021-4157, and CVE-2021-3492.
Effective with pre-requisites
The attack was found effective against all modern kernel defenses, including Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Address Space Layout Randomization (KASLR).
