=== Abstract perf is a complex system in linux kernel, and exists other vulnerabilities like CVE-2013-2094. Di Shen, a member of Keen Team, presetated a parper (Defeating Samsung KNOX with zero privilege)[1] that mentioned CVE-2016-6787[2]. Analysis of CVE-2016-6787 This is a double-free vulnerability. The vulnerable object is struct perf_event_context. Review below code firstly, the mainly bug is in the if(move_group) statement; thus set move_group to 1 is necessary. We will talk about how t...
