Kernel Level Drivers: Difference between revisions
Init |
Reword and format the article to flow better. Also corrected some terminology. |
||
| Line 1: | Line 1: | ||
Kernel drivers, kernel modules, or drivers are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unresricted since it runs inside of the kernel, meaning drivers have the highest privledge level— higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparision, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place. | |||
Kernel access | |||
== Consumer Impact == | |||
Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permantely damage or disable hardware components. | |||
Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like [[Kernel Level Anti-Cheats]]. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control. | |||
==Examples== | ==Examples== | ||
* [[wikipedia:CrowdStrike|CrowdStrike]] | |||
* [[wikipedia:Cheating_in_online_games#Anti-cheating_methods_and_limitations|Anti-cheats]], like Easy Anti Cheat and EA Anti Cheat | |||
== Incidents == | |||
* [[wikipedia:2024_CrowdStrike-related_IT_outages|2024 CrowdStrike-related IT outages]] | |||
== See Also == | |||
* [[Kernel Level Anti-Cheats]] | |||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
[[Category:Common terms]] | [[Category:Common terms]] | ||
Revision as of 16:49, 21 June 2025
Kernel drivers, kernel modules, or drivers are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unresricted since it runs inside of the kernel, meaning drivers have the highest privledge level— higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparision, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place.
Consumer Impact
Code running in the kernel presents numerous privacy and security concerns. Code running in the kernel can read the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permantely damage or disable hardware components.
Many companies now require the use of proprietary drivers in order to use applications that would work fine in user space, like Kernel Level Anti-Cheats. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control.
Examples
- CrowdStrike
- Anti-cheats, like Easy Anti Cheat and EA Anti Cheat