So today we’ll be looking at (user) page table exploitation. If you’ve been keeping up with some of the great kernel exploitation research put out there lately (plenty of which I will be sharing in this article, don’t worry!), you might have noticed a trend in techniques targeting page tables in order to gain powerful read/write primitives.
The goal for this post is to provide some insight into why targeting page tables can be such a powerful exploitation technique. We’ll do a primer on how paging works in Linux, to give us some context, before looking at how we can gain control of page tables in the first place, how to exploit them for privilege escalation and mitigations to be aware of.

Kernel Exploitation Techniques: Turning The (Page) Tables