Ever since I got into security, kernel exploitation has fascinated me. So for my bachelor’s thesis, I finally decided to take a first dive into this deep and complex field - one that always seems to have more layers to uncover.

Over the past three months, I’ve been exploring the world of kernel exploitation. My goal was to get a hands-on look at how modern kernel exploits work by analyzing a real-world vulnerability. For this, I looked at CVE-2023-2163, a privilege escalation vulnerability in the eBPF subsystem of the Linux kernel. My approach was largely inspired by the excellent work of Juan José López Jaimez and Meador Inge, who wrote a great blog post on this topic.

Before diving into the practical side, I first took a theoretical look at the vulnerability to understand its root cause and how it could be exploited. After that, my research involved setting up a test environment, verifying the exploit, and debugging it in real time to analyze its behavior. Obviously this was just scratching the surface; there’s still a lot more to learn, but it was a great introduction to the field.

If you’re interested in the full breakdown, check out my thesis here (Heads up: it’s written in German). Use my nick as password.