Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel

Hang Zhang

Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · System-Level Security

Use-After-Free (UAF) vulnerabilities remain one of the most dangerous and prevalent classes of software security issues, despite extensive research and development in automated detection tools. This talk, presented by Hang Zhang at the NDSS Symposium, delves into the persistent challenge of discovering modern UAFs, particularly in large, complex codebases like the Linux kernel. The core problem addressed is the difficulty static analyzers face when the memory allocation, freeing, and subsequent erroneous use occur across different, independent entry functions – a scenario dubbed "cross-entry UAF." Existing tools often struggle with the intricate alias relationships and the nuanced interplay of various code semantics (like locks, conditions, and pointer notifications) that dictate whether a UAF is truly exploitable.
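To make the cross-entry setting concrete, here is an added, simplified illustration (not the analyzer presented in the talk, and not the authors' code): a toy checker over a hand-written statement list per entry function. It summarises each entry separately, then pairs an entry that leaves a shared pointer dangling (freed through a local alias and never cleared) with another entry that later dereferences that same shared pointer. Real kernel code needs the alias, lock and condition reasoning the talk describes; this toy follows only must-alias assignments and explicit pointer clearing. The `dev->buf`, `probe`, `remove`, `remove_fixed` and `ioctl` names are constructed sample input.

```python
"""Toy cross-entry use-after-free checker (added illustration, not the talk's tool).

Each entry function is a list of statements over pointer names:
  ("alloc", p)        p now refers to a fresh object
  ("alias", dst, src) dst now refers to the same object as src (must-alias)
  ("free", p)         the object p refers to is released
  ("null", p)         p is cleared and no longer refers to any object
  ("use", p)          p is dereferenced
Names listed in the globals set are shared across entries; everything else is
local to the entry in which it appears.
"""
from typing import Dict, List, Set, Tuple

Stmt = Tuple[str, ...]


def analyze_entry(stmts: List[Stmt], globals_: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Simulate one entry function in isolation.

    Returns (dangling, used):
      dangling = globals that still hold a freed object when the entry returns
      used     = globals whose incoming object is dereferenced by this entry
    """
    # every global starts out holding a symbolic object named after it
    obj_of: Dict[str, str] = {g: "obj:" + g for g in globals_}
    freed: Set[str] = set()
    used: Set[str] = set()
    fresh = 0
    for op, *args in stmts:
        if op == "alloc":
            fresh += 1
            obj_of[args[0]] = f"fresh{fresh}"
        elif op == "alias":
            dst, src = args
            if src in obj_of:
                obj_of[dst] = obj_of[src]
            else:
                obj_of.pop(dst, None)  # aliasing a cleared pointer clears dst too
        elif op == "null":
            obj_of.pop(args[0], None)
        elif op == "free":
            if args[0] in obj_of:
                freed.add(obj_of[args[0]])
        elif op == "use":
            obj = obj_of.get(args[0])
            # only record dereferences of objects that arrived via a global and
            # are still live here; a use of an object freed earlier in the same
            # entry would be an intra-entry UAF, which this toy does not report
            if obj is not None and obj.startswith("obj:") and obj not in freed:
                used.add(obj[len("obj:"):])
        else:
            raise ValueError(f"unknown statement: {op}")
    dangling = {g for g in globals_ if obj_of.get(g) in freed}
    return dangling, used


def find_cross_entry_uaf(entries: Dict[str, List[Stmt]], globals_: Set[str]):
    """Pair every entry that leaves a global dangling with every other entry
    that dereferences that global. Returns sorted (freer, user, global) triples."""
    summaries = {name: analyze_entry(stmts, globals_) for name, stmts in entries.items()}
    reports = []
    for freer, (dangling, _) in summaries.items():
        for user, (_, used) in summaries.items():
            if freer == user:
                continue  # intra-entry UAFs are a separate, better-handled class
            for g in sorted(dangling & used):
                reports.append((freer, user, g))
    return sorted(reports)


# Constructed sample "driver": probe allocates, remove frees through a local
# alias without clearing the shared pointer, ioctl dereferences it later.
GLOBALS = {"dev->buf"}
ENTRIES: Dict[str, List[Stmt]] = {
    "probe": [("alloc", "dev->buf")],
    "remove": [("alias", "tmp", "dev->buf"), ("free", "tmp")],
    "remove_fixed": [("alias", "tmp", "dev->buf"), ("free", "tmp"), ("null", "dev->buf")],
    "ioctl": [("use", "dev->buf")],
}

if __name__ == "__main__":
    for freer, user, g in find_cross_entry_uaf(ENTRIES, GLOBALS):
        print(f"cross-entry UAF: {freer} frees {g}, {user} later uses it")
```

The `remove_fixed` variant shows the usual remediation pattern: clearing the shared pointer right after the free removes the dangling state, so the checker no longer pairs it with `ioctl`. In the real analysis the clearing and the later use would additionally have to be ordered and guarded consistently (locks, NULL checks), which is exactly the feasibility reasoning the talk adds on top of plain alias tracking.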

AI review

Solid systems-security research with a real contribution: a static analyzer that actually ships findings (10 zero-days in Linux kernel drivers) by solving the cross-entry alias problem that makes existing tools useless for this UAF class. The SMT-backed partial-order feasibility model is the interesting novelty here, and the results justify the approach.
