{"guid":"62a4c312-72d1-42da-a84e-99f97b52d0f6","title":"Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit","subtitle":null,"slug":"SHA2017-295-race_for_root_the_analysis_of_the_linux_kernel_race_condition_exploit","link":"https://c3voc.de","description":"CVE-2017-2636 is a 7-year old race condition in the Linux kernel that was fixed by Alexander Popov in March, 2017. This vulnerability affected all major Linux distributions. It can be exploited to gain a local privilege escalation. In this presentation Alexander will describe the PoC exploit for CVE-2017-2636. He will explain the effective method of hitting the race condition and show the following exploitation techniques: turning double-free into use-after-free, heap spraying and stabilization, SMEP bypass.\n\n#DeviceSecurity","original_language":"eng","persons":["Alexander Popov"],"tags":["SHA2017","295"],"view_count":354,"promoted":false,"date":"2017-08-07T00:00:00.000+02:00","release_date":"2017-08-07T02:00:00.000+02:00","updated_at":"2026-04-17T09:45:05.361+02:00","length":3281,"duration":3281,"thumb_url":"https://static.media.ccc.de/media/events/SHA2017/295-hd.jpg","poster_url":"https://static.media.ccc.de/media/events/SHA2017/295-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/SHA2017/62a4c312-72d1-42da-a84e-99f97b52d0f6-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/SHA2017/62a4c312-72d1-42da-a84e-99f97b52d0f6-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/SHA2017-295-race_for_root_the_analysis_of_the_linux_kernel_race_condition_exploit","url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_title":"SHA2017: Still Hacking Anyway","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017","related":[{"event_id":4240,"event_guid":"dec63dd2-d66b-419d-863d-c20fd5ce91dd","weight":8},{"event_id":4265,"event_guid":"9ba5a35b-0608-40f1-84ec-e02c387cb60b","weight":7},{"event_id":4267,"event_guid":"e02b1946-a7ce-4779-a4c2-d120a43edd19","weight":10},{"event_id":4322,"event_guid":"e41aee32-a8c0-4dce-b55a-a13aac7b5cad","weight":7},{"event_id":4341,"event_guid":"5c35e3c2-ec03-46f2-901c-90f3bead4a04","weight":9},{"event_id":4343,"event_guid":"57920452-ce5b-4194-a768-fed44de6d779","weight":9},{"event_id":4344,"event_guid":"e856b1b3-ac67-42a4-ab7a-50a8d58d413e","weight":8},{"event_id":4352,"event_guid":"05007c06-fc8b-468a-b1e9-b4ff9ec8149e","weight":9},{"event_id":4353,"event_guid":"24d83f1e-e578-413a-b406-1dd2244c90fd","weight":9},{"event_id":4361,"event_guid":"54fd6dc6-c0c7-46d5-b122-4b94ec8ba635","weight":12}],"recordings":[{"size":221,"length":3281,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T22:32:08.080+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-hd/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_hd.mp4","url":"https://api.media.ccc.de/public/recordings/18133","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":49,"length":3266,"mime_type":"audio/mpeg","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T22:40:28.736+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/mp3/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit.mp3","url":"https://api.media.ccc.de/public/recordings/18140","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":36,"length":3266,"mime_type":"audio/opus","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T22:40:55.732+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/opus/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit.opus","url":"https://api.media.ccc.de/public/recordings/18142","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":86,"length":3281,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T22:56:31.656+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-sd/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_sd.mp4","url":"https://api.media.ccc.de/public/recordings/18148","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":108,"length":3281,"mime_type":"video/webm","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T23:06:07.669+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-sd/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/18166","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":277,"length":3281,"mime_type":"video/webm","language":"eng","filename":"SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T23:53:21.383+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-hd/SHA2017-295-eng-Race_For_Root_The_Analysis_Of_The_Linux_Kernel_Race_Condition_Exploit_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/18195","event_url":"https://api.media.ccc.de/public/events/62a4c312-72d1-42da-a84e-99f97b52d0f6","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"}]}