SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching
Victor Duta
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
This talk, presented by Victor Duta at USENIX Security '24, introduces **SafeFetch**, a novel approach to defend the kernel against a critical class of vulnerabilities known as **double-fetch bugs**. These bugs arise when the kernel fetches the same user-space data multiple times within a single system call without proper re-sanitization, creating a **Time-of-Check to Time-of-Use (TOCTOU)** race condition. An attacker can exploit this window by modifying the user-space data between the kernel's fetches, leading to privilege escalation, information disclosure, or system instability.
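The double-fetch pattern described above, and the effect of serving a repeated fetch from a cache, as an added user-space simulation (not code from the talk and not SafeFetch's implementation). All names here (`raw_fetch`, `cached_fetch`, `handle`, the one-entry cache keyed on address and size) are assumptions made for illustration, and the "racing thread" is simulated deterministically after each fetch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 16
struct user_msg { size_t len; char data[64]; };  /* constructed "user" request */

/* Simulated racing user thread: after every raw fetch it rewrites the length. */
static struct user_msg *racer_target;
static size_t racer_len;

/* Stand-in for copy_from_user(): copy, then let the "other thread" run. */
static void raw_fetch(void *dst, const void *src, size_t n) {
    memcpy(dst, src, n);
    if (racer_target) racer_target->len = racer_len;
}

/* Hypothetical one-entry per-syscall cache: a repeat fetch of the same user
 * range is served from the first copy, so changed bytes are never observed. */
static const void *c_src; static size_t c_n; static unsigned char c_buf[64];
static void syscall_enter(void) { c_src = NULL; }
static void cached_fetch(void *dst, const void *src, size_t n) {
    if (src == c_src && n == c_n) { memcpy(dst, c_buf, n); return; }
    raw_fetch(dst, src, n);
    if (n <= sizeof c_buf) { c_src = src; c_n = n; memcpy(c_buf, dst, n); }
}
typedef void (*fetch_fn)(void *, const void *, size_t);

/* Double-fetch pattern: validate the value from fetch 1, use the value from
 * fetch 2. Returns the length it would copy into a BUF_MAX buffer, or -1. */
static long handle(struct user_msg *u, fetch_fn fetch) {
    size_t len;
    syscall_enter();
    fetch(&len, &u->len, sizeof len);   /* time of check */
    if (len > BUF_MAX) return -1;
    fetch(&len, &u->len, sizeof len);   /* time of use: re-read, not re-checked */
    return (long)len;
}

/* One request that passes the check with len=8 while the racer writes 4096. */
static long run(fetch_fn fetch) {
    struct user_msg m = { .len = 8 };
    racer_target = &m; racer_len = 4096;
    long used = handle(&m, fetch);
    racer_target = NULL;
    return used;
}
int main(void) { printf("raw=%ld cached=%ld\n", run(raw_fetch), run(cached_fetch)); return 0; }
```

The handler is identical in both runs; only the fetch primitive changes, which is why the second fetch returns the already-checked value.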
AI review
This talk presents SafeFetch, a genuinely novel and highly efficient kernel-side caching mechanism that provides robust protection against double-fetch vulnerabilities. It significantly outperforms existing solutions by leveraging empirical data on kernel fetch patterns, offering a practical path to harden operating system kernels without prohibitive overhead.