Compiler Vulnerability Allows Stack Overflow Attacks
In the set of compilers GCC, a vulnerability has been detected that allows attackers to circumvent the “-fstack-Protector” mode, which provides protection against stack overflow attacks. The vulnerability, identified as CVE-2023-4039, is specifically manifested in applications compiled for the Aarch64 architecture and using dynamic memory for variables.
This vulnerability enables attackers to exploit vulnerabilities that lead to buffer overflow, despite the inclusion of protection measures. For instance, the protection can be bypassed when memory is allocated using the Alloca() function or when variable lengths are used in the code, allowing the possibility of indicating the variable as the size when creating an array (e.g., “VOID FOO (Int n (int n ) {int m [n];”). However, it is important to note that this vulnerability does not affect the Linux kernel, as the use of variable lengths in its code was discontinued in the release of 4.20 in 2018.
The “-fstack-Protector” protection works by adding random sequences called canary marks to the stack after signs and objects. The immutability of these marks is checked during operation. If a buffer overflow occurs and the canary mark is overwritten by other data, the subsequent verification of the mark’s immutability triggers the emergency termination of the application. However, the vulnerability lies in the fact that dynamically allocated local variables on Aarch64 systems are placed after the canary mark in memory. As a result, when the overflow affects dynamic variables, it does not damage the mark, leading to the overflow going undetected.