Assistant Professor of Department of Network and Cyber Security, National University of Defense Technology.
Researcher of Intelligent and Parallel Analysis of Software Security Key Lab (iPASS) of Hunan Province.
Member of Hunter Security Group.
[2020-03] Sabotaging the System Boundary: A Study of the Inter-boundary Vulnerability
[2020-03] EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit
[2019-09] Poster: Fuzzing IoT Firmware via Multi-stage Message Generation
[2018-12] AVPredictor: Comprehensive Prediction and Detection of Atomicity Violations
[2018-05] DFTinker: Detecting and Fixing Double-fetch Bugs in an Automated Way
[2018-03] Untrusted Hardware Causes Double-fetch Problems in the I/O Memory [Poster at USENIX Security '17]
[2017-09] A Survey of the Double-Fetch Vulnerabilities
[2017-05] How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel [Slides]
[2016-12] DFTracker: Detecting Double-Fetch Bugs by Multi-Taints Parallel Tracking
CVE-2016-5728 | A "double-fetch" vulnerability in the Linux kernel. Race condition in the vop_ioctl function allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header. |
---|---|
CVE-2016-6130 | A "double-fetch" vulnerability in the Linux kernel. Race condition in the sclp_ctl_ioctl_sccb function allows local users to obtain sensitive information from kernel memory by changing a certain length value. |
CVE-2016-6136 | A "double-fetch" vulnerability in the Linux kernel. Race condition in the audit_log_single_ execve_arg function allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string. |
CVE-2016-6156 | A "double-fetch" vulnerability in the Linux kernel. Race condition in the ec_device_ioctl_xcmd function allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value. |
CVE-2016-6480 | A "double-fetch" vulnerability in the Linux kernel. Race condition in the ioctl_send_fib function allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. |
CVE-2017-8831 | A "hardware double-fetch" vulnerability in the Linux kernel. Function saa7164_bus_get() allows local users to cause a denial of service (out-of-bounds array access) by changing a certain sequence-number value from the hardware. |
CVE-2017-9984 | A "hardware double-fetch" vulnerability in the Linux kernel. Function snd_msnd_interrupt() allows local users to cause a denial of service (over-boundary access) by changing the value of a message queue head pointer. |
CVE-2017-9985 | A "hardware double-fetch" vulnerability in the Linux kernel. Function snd_msndmidi_input_read() allows local users to cause a denial of service (over-boundary access) by changing the value of a message queue head pointer. |
CVE-2017-9986 | A "hardware double-fetch" vulnerability in the Linux kernel. Function intr() allows local users to cause a denial of service (over-boundary access) by changing the value of a message queue head pointer. |
(Last update: 2020-3-8)