CME-1005
Runtime Memory Error Detection (KASAN/HWASan)
Description
Kernel AddressSanitizer (KASAN) and Hardware-assisted AddressSanitizer (HWASan) detect memory safety violations at runtime including use-after-free, out-of-bounds access, buffer size miscalculations, and NULL pointer dereferences. KASAN instruments kernel memory allocations with redzones and quarantine zones to detect invalid accesses. HWASan uses ARM Memory Tagging for lower-overhead production deployments. When a violation is detected, the kernel logs a detailed report and can be configured to panic, preventing silent exploitation.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Attack Complexity (AC) | L → H | Runtime detection of memory corruption forces exploit authors to either avoid instrumented allocation paths or accept detection; exploitation complexity increases significantly as corrupted memory triggers immediate detection rather than enabling controlled code execution. |
CWE Relationships
Verification
Check if KASAN is enabled in kernel config
$ grep CONFIG_KASAN=y /boot/config-$(uname -r)
# Expected: CONFIG_KASAN=y
Platform: linux
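The grep above confirms only that `CONFIG_KASAN=y` appears in one file. The script below is an added example, not part of the original entry: it also reports which KASAN mode is built in, accepts a gzip-compressed config such as `/proc/config.gz`, and checks whether a report is set to panic the kernel. The function names are hypothetical, and treating `kasan.fault=panic` or `panic_on_warn=1` as the panic settings is an assumption the entry does not spell out.

```shell
#!/bin/sh
# Added example, not from the original entry. Function names are hypothetical.

# kasan_mode CONFIG_FILE
# Prints hw_tags, sw_tags, generic, enabled (mode not stated) or disabled.
kasan_mode() {
    case "$1" in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;        # e.g. /boot/config-$(uname -r)
    esac
    # Anchored match: CONFIG_HAVE_ARCH_KASAN=y alone does not mean KASAN is on.
    opts=$($reader "$1" 2>/dev/null |
        grep -E '^CONFIG_KASAN(_GENERIC|_SW_TAGS|_HW_TAGS)?=y$' || true)
    case "$opts" in
        *CONFIG_KASAN=y*) ;;
        *) echo disabled; return 0 ;;
    esac
    case "$opts" in
        *CONFIG_KASAN_HW_TAGS=y*) echo hw_tags ;;
        *CONFIG_KASAN_SW_TAGS=y*) echo sw_tags ;;
        *CONFIG_KASAN_GENERIC=y*) echo generic ;;
        *) echo enabled ;;
    esac
}

# kasan_panics CMDLINE PANIC_ON_WARN
# Assumption: a report halts the kernel when the command line carries
# kasan.fault=panic (support depends on kernel version and KASAN mode) or
# panic_on_warn=1, or when the kernel.panic_on_warn sysctl reads 1.
kasan_panics() {
    case " $1 " in
        *" kasan.fault=panic "*|*" panic_on_warn=1 "*) return 0 ;;
    esac
    [ "$2" = "1" ]
}

# kasan_check_host: run both checks against the running kernel.
kasan_check_host() {
    cfg="/boot/config-$(uname -r)"
    [ -r "$cfg" ] || cfg=/proc/config.gz
    echo "KASAN mode: $(kasan_mode "$cfg")"
    kasan_panics "$(cat /proc/cmdline)" "$(cat /proc/sys/kernel/panic_on_warn)" \
        && echo "on report: panic" || echo "on report: log and continue"
}

# Constructed sample config so the script can be exercised offline.
sample=$(mktemp)
printf '%s\n' 'CONFIG_HAVE_ARCH_KASAN=y' 'CONFIG_KASAN=y' 'CONFIG_KASAN_GENERIC=y' > "$sample"
echo "sample config: $(kasan_mode "$sample")"
rm -f "$sample"
```

Call `kasan_check_host` on the target system to apply both checks to the running kernel.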