Kernel level driver: Difference between revisions
Couple of typos |
add notice |
||
| Line 1: | Line 1: | ||
{{Incomplete|Issue 1=No references}} | |||
Kernel drivers, kernel modules, or drivers are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unrestricted since it runs inside of the kernel, meaning drivers have the highest privilege level— higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparison, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place. | Kernel drivers, kernel modules, or drivers are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unrestricted since it runs inside of the kernel, meaning drivers have the highest privilege level— higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparison, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place. | ||
Revision as of 14:00, 18 August 2025
- No references
#appeals channel in either Zulip or Discord to request removal.Articles must provide verifiable, credible evidence for their claims and avoid relying on forum posts, personal blogs, or other unverifiable sources. You can help by replacing weak citations with reputable reporting, corporate communications, receipts, repair logs, or independent investigative coverage that demonstrates the systemic relevance required by the Mission statement and Moderator Guidelines.
Kernel drivers, kernel modules, or drivers are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unrestricted since it runs inside of the kernel, meaning drivers have the highest privilege level— higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparison, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place.
Consumer Impact
Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permanently damage or disable hardware components.
Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like Kernel Level Anti-Cheats. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control.
Examples
- CrowdStrike
- Anti-cheats, like Easy Anti Cheat and EA Anti Cheat