Breaking Bits
Supervisor Mode Access Prevention (SMAP)
Supervisor Mode Access Prevention is a mitigation introduced by Intel that prevents code executing in supervisor (kernel) mode from reading or writing user-space memory. It is the data-access counterpart of SMEP, which stops the kernel from executing instructions that live in user-space pages.
The SMAP bit (bit 21) in the CR4 control register dictates whether user-space memory may be accessed while running in a privileged mode. If the bit is set and the processor, running at CPL < 3, touches a page marked as user-accessible, a page fault is raised; Linux reports this as a SMAP violation and the kernel oopses. The kernel's own legitimate accesses, such as copy_from_user(), are bracketed with stac/clac, which temporarily set EFLAGS.AC so that the access is permitted.
This means a ROP chain cannot be stored in user space: the moment the kernel's stack pointer is pivoted onto it, the first gadget fetch or data read from that memory triggers a SMAP violation. Throughout this exploit series the chain has been stored in kernel space, so the existing exploit still works once SMAP is enabled.
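Before assuming a target has SMAP on, it helps to read the actual CR4 value out of an oops register dump rather than trusting the CPU flags alone, since the kernel may have been booted with nosmap. The following is an added example, not code from the Breaking Bits post: it decodes the SMEP (bit 20) and SMAP (bit 21) bits from a CR4 value as printed in a kernel oops, and checks a /proc/cpuinfo flags line for hardware support. The oops and cpuinfo lines are constructed samples.

```c
/* Added example (not from the original post): decode SMEP/SMAP state from a
 * CR4 value as printed in a kernel oops, and check CPU support from a
 * /proc/cpuinfo flags line. All sample input below is constructed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CR4_SMEP (1ULL << 20)   /* Supervisor Mode Execution Prevention */
#define CR4_SMAP (1ULL << 21)   /* Supervisor Mode Access Prevention */

int cr4_has_smep(uint64_t cr4) { return (cr4 & CR4_SMEP) != 0; }
int cr4_has_smap(uint64_t cr4) { return (cr4 & CR4_SMAP) != 0; }

/* Pull the CR4 value out of an oops register line such as
 * "CR2: 00000000deadbeef CR3: 000000000232e000 CR4: 00000000003606f0".
 * Returns 0 and stores the value in *out on success, -1 if no CR4 field. */
int parse_cr4(const char *line, uint64_t *out)
{
    const char *p = strstr(line, "CR4:");
    if (!p)
        return -1;
    p += 4;
    while (*p == ' ')
        p++;
    char *end;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p)
        return -1;
    *out = v;
    return 0;
}

/* Exact-token search in a whitespace-separated cpuinfo flags line, so that
 * "smap" does not match inside another flag name. Reports hardware support
 * only; the kernel may still have disabled the feature at boot (nosmap). */
int cpuinfo_has_flag(const char *flags_line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = flags_line;
    while ((p = strstr(p, flag)) != NULL) {
        int start_ok = (p == flags_line) || p[-1] == ' ' || p[-1] == '\t';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\t' || p[n] == '\n';
        if (start_ok && end_ok)
            return 1;
        p += n;
    }
    return 0;
}

int main(void)
{
    /* Constructed register line in the format of a kernel oops dump. */
    const char *oops = "CR2: 00000000deadbeef CR3: 000000000232e000 CR4: 00000000003606f0";
    uint64_t cr4;
    if (parse_cr4(oops, &cr4) == 0)
        printf("CR4=%#llx SMEP=%d SMAP=%d\n", (unsigned long long)cr4,
               cr4_has_smep(cr4), cr4_has_smap(cr4));

    /* Constructed /proc/cpuinfo flags line. */
    const char *flags = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge smep smap";
    printf("CPU advertises smap: %d\n", cpuinfo_has_flag(flags, "smap"));
    return 0;
}
```

In the sample above CR4 is 0x3606f0, so both bit 20 and bit 21 are set and a user-space ROP chain would fault on first use. A CR4 of 0x1606f0 would indicate SMEP on but SMAP off, which is the state the earlier parts of this series were running against.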