KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack, KernelSnitch, which exploits timing variances in Linux kernel data structures.
Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, according to a report by the researcher published on GitHub.
The Vulnerability: Kernel Data Structures as Silent Leakers
Operating systems rely on dynamic data structures like hash tables and trees to manage metadata for user-space locks, timers, and inter-process communication (IPC).
KernelSnitch exploits a critical architectural oversight: the time required to access these structures depends on their occupancy (number of elements).
By measuring syscall execution times, attackers infer occupancy levels and extract secrets.
How KernelSnitch Works
- Timing Measurement: Attackers trigger syscalls (e.g., futex, msgget) that interact with kernel structures.
- Occupancy Inference: Longer syscall durations indicate higher occupancy due to iterative searches (e.g., traversing ...
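The mechanism the two steps above describe, occupancy-dependent traversal time, is easiest to see in an abstract model. The following is an added example written for this article; it is not code from gbhackers, from the KernelSnitch researchers, or from the Linux kernel. It models a chained hash table in Python and counts key comparisons as a stand-in for elapsed time: a probe for an absent key costs exactly the bucket's occupancy, which is the signal the attack measures. The `padded_lookup_cost` variant is an assumption added here for illustration (not a mitigation the report describes): walking a fixed number of slots regardless of occupancy makes the step count flat, showing what property a data structure would need to stop leaking through this channel.

```python
"""Step-count model of an occupancy-dependent hash-table lookup.

Constructed example: comparisons performed by a lookup stand in for the
syscall duration KernelSnitch measures. A miss on a chained bucket costs one
comparison per stored element, so the cost reveals the bucket's occupancy.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed fixed walk length for the illustrative padded lookup.
MAX_CHAIN = 16


@dataclass
class ChainedHashTable:
    nbuckets: int
    buckets: List[List[int]] = field(init=False)

    def __post_init__(self) -> None:
        self.buckets = [[] for _ in range(self.nbuckets)]

    def _bucket(self, key: int) -> List[int]:
        return self.buckets[key % self.nbuckets]

    def insert(self, key: int) -> None:
        chain = self._bucket(key)
        if key not in chain:
            chain.append(key)

    def lookup_cost(self, key: int) -> Tuple[bool, int]:
        """Naive chain walk with early exit: returns (hit, comparisons).

        A miss walks the whole chain, so probing with an absent key measures
        how many elements the bucket currently holds.
        """
        comparisons = 0
        for k in self._bucket(key):
            comparisons += 1
            if k == key:
                return True, comparisons
        return False, comparisons

    def padded_lookup_cost(self, key: int, max_chain: int) -> Tuple[bool, int]:
        """Illustrative mitigation (assumption, not from the report): always
        walk max_chain slots so the cost is independent of occupancy."""
        chain = self._bucket(key)
        hit = False
        comparisons = 0
        for i in range(max_chain):
            comparisons += 1
            if i < len(chain) and chain[i] == key:
                hit = True  # remember the hit but keep walking
        return hit, comparisons


def occupancy_profile(nbuckets: int, occupancies: List[int],
                      padded: bool = False) -> List[int]:
    """For each occupancy n, fill bucket 0 with n keys and return the cost of
    probing bucket 0 with a key that was never inserted."""
    costs = []
    for n in occupancies:
        table = ChainedHashTable(nbuckets)
        for i in range(n):
            table.insert(i * nbuckets)   # every key lands in bucket 0
        probe = n * nbuckets             # bucket 0 as well, never inserted
        if padded:
            _, cost = table.padded_lookup_cost(probe, MAX_CHAIN)
        else:
            _, cost = table.lookup_cost(probe)
        costs.append(cost)
    return costs


def leaks_occupancy(costs: List[int]) -> bool:
    """True if different occupancies produce different observable costs."""
    return len(set(costs)) > 1


if __name__ == "__main__":
    sizes = [0, 1, 2, 4, 8]
    naive = occupancy_profile(8, sizes)
    padded = occupancy_profile(8, sizes, padded=True)
    print("occupancy :", sizes)
    print("naive cost:", naive, "leaks" if leaks_occupancy(naive) else "flat")
    print("padded    :", padded, "leaks" if leaks_occupancy(padded) else "flat")
```

The naive profile tracks occupancy one-to-one, which is why a timing measurement of the corresponding syscall can be mapped back to the number of elements; the padded profile is constant, removing the dependency at the price of always doing the worst-case amount of work.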
Copyright of this story solely belongs to gbhackers.