LINUX KERNEL 6 — USE-AFTER-FREE (UAF)
MITIGATIONS ◆ BYPASS TECHNIQUES ◆ TARGET SUBSYSTEMS

⬡ UAF FUNDAMENTALS
▸ Dangling ptr post-kfree()
▸ Heap chunk reused by another object
▸ Type confusion between objects
▸ CWE-416 | Memory Safety

⬡ SLUB ALLOCATOR
▸ kmem_cache per-type obj
▸ kmalloc-8 ~ kmalloc-4096
▸ Freelist in-band (next ptr)
▸ Per-CPU slab & partial list
▸ SLUB_DEBUG tracing flags

⬡ EXPLOITATION PRIMITIVES
▸ Arbitrary Read → info leak
▸ Arbitrary Write → cred/fptr
▸ RIP ctrl via vtable/ops ptr
▸ Cross-cache type confusion
▸ KASLR defeat via addr leak

⬡ KERNEL 6.x MITIGATIONS
▸ KFENCE: sampled detector
▸ FREELIST_HARDENED (XOR)
▸ INIT_ON_FREE: zero slab
▸ kCFI: Control Flow Integrity
▸ KASLR + SMEP + SMAP
▸ FREELIST_RANDOM shuffle

⬡ BYPASS TECHNIQUES
▸ Heap Spray & Grooming
▸ Cross-cache Confusion attack
▸ msg_msg / pipe_buf spray
▸ userfaultfd race control
▸ FUSE passthrough (race)
▸ setxattr arbitrary alloc

⬡ TARGET SUBSYSTEMS
▸ ksmbd: in-kernel SMB3
▸ io_uring async I/O ring
▸ BPF verifier type escape
▸ mm/mseal CVE-2026-23416
▸ net: sk_buff / socket layer

Blue Dragon Security | bluedragonsec.com | @w1sdom | Linux Kernel 6 UAF Research — Tangerang, Indonesia