LOGBOOK

HELP

Quiz Entry - updated: 2026.07.07

What happens when you exploit an integer overflow vulnerability to read kernel memory?

A bypassed size check makes a copy run past its buffer, leaking adjacent kernel memory — secrets and all — back to the attacker.

$ ./kcopy -1000
Oops, illegal memory access. Let's see what we have in the buffer:
  a b c d e f g h i j k l m n o p    <- kernel buffer (allowed)
  q r s t u v w x y z A B C D E F
  G H I J K L M N O P Q R S T U V
  W X Y Z 0 1 2 3 4 5 6 7 8 9 ! ?
  5 5 2 2 - 9 0 3 9 - 3 7 3 1 - 6    <- CREDIT CARD NUMBER (secret!)
  6 7 2 . . . . . . . . . . . . .

The exploit:

  • Passing negative size bypasses the length check
  • memcpy treats negative as huge unsigned value
  • Copies way past the allowed buffer
  • Exposes secret kernel memory including sensitive data

Lesson: Always validate input, use correct types, check for overflow!

Go deeper:

From Quiz: REVE1 / Overview of Computer Systems | Updated: Jul 07, 2026