KernelSnitch: Uncovering a New Side-Channel Attack on Data Structures

Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack, KernelSnitch, which exploits timing variances in Linux kernel data structures.

Unlike hardware-dependent attacks, KernelSnitch targets hash tables, radix trees, and red-black trees, enabling unprivileged attackers to leak sensitive data across isolated processes, as per a report by a Researcher Published on Github.

The Vulnerability: Kernel Data Structures as Silent Leakers

Operating systems rely on dynamic data structures like hash tables and trees to manage metadata for user-space locks, timers, and inter-process communication (IPC).

KernelSnitch exploits a critical architectural oversight: the time required to access these structures depends on their occupancy (number of elements).

By measuring syscall execution times, attackers infer occupancy levels and extract secrets.

How KernelSnitch Works

1. Timing Measurement: Attackers trigger syscalls (e.g., futex, msgget) that interact with kernel structures.
2. Occupancy Inference: Longer syscall durations indicate higher occupancy due to iterative searches (e.g., traversing ...