KernelSnitch: Side-Channel Attacks on Kernel Data Structures

Lukas Maar

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Side Channels 1

"KernelSnitch" presents a groundbreaking investigation into a novel operating-system side channel that exploits subtle timing differences in accesses to kernel data structures. The research, presented by Lukas Maar in collaboration with Yolas, exposes a critical vulnerability in the fundamental isolation mechanisms of modern operating systems, particularly the Linux kernel. The talk shows how untrusted user-space processes can deduce security-critical information by observing the latency of system calls that interact with kernel data structures.

AI review

KernelSnitch is the real deal — original kernel-level side channel research that delivers three working attacks, a clean threat model, and a KASLR bypass for heap pointers that nobody had pulled off before via pure timing. The Linus patch-rejection subplot makes it both more alarming and more interesting: this isn't academic theater, it's an unpatched vulnerability in production Linux.
