Linux Kernel Exploitation Part 3: Ret2Usr and SMEP

Introduction

I’d like to talk about the ret2usr attack in Linux kernel exploitation and the corresponding Supervisor Mode Execution Prevention (SMEP). Rather than detailing the exploitation details in control flow hijacking, this post will explain what is ret2usr attack and what is the expected behaviour from SMEP.
Continue reading “Linux Kernel Exploitation Part 3: Ret2Usr and SMEP”