Quiz Entry - updated: 2026.07.07
What happens when you exploit an integer overflow vulnerability to read kernel memory?
A bypassed size check makes a copy run past its buffer, leaking adjacent kernel memory — secrets and all — back to the attacker.
$ ./kcopy -1000
Oops, illegal memory access. Let's see what we have in the buffer:
a b c d e f g h i j k l m n o p <- kernel buffer (allowed)
q r s t u v w x y z A B C D E F
G H I J K L M N O P Q R S T U V
W X Y Z 0 1 2 3 4 5 6 7 8 9 ! ?
5 5 2 2 - 9 0 3 9 - 3 7 3 1 - 6 <- CREDIT CARD NUMBER (secret!)
6 7 2 . . . . . . . . . . . . .
The exploit:
- Passing negative size bypasses the length check
memcpytreats negative as huge unsigned value- Copies way past the allowed buffer
- Exposes secret kernel memory including sensitive data
Lesson: Always validate input, use correct types, check for overflow!
Go deeper:
CWE-125: Out-of-bounds Read (MITRE) — a bad/oversized length parameter drives a buffer over-read that leaks adjacent memory.
Heartbleed (Wikipedia) — the archetypal missing-bounds-check over-read, dumping up to 64 KB of process memory including keys.