Kernel Level Drivers
Kernel drivers (also called kernel modules, or simply drivers) are modules of code that run inside the kernel of an operating system. Kernel drivers allow the computer to communicate with hardware devices such as keyboards, mice, storage, and network cards. Kernel access is required since these drivers usually manage hardware directly, which isn't possible in user space. This code is unrestricted since it runs inside the kernel, meaning drivers have the highest privilege level, higher than even the traditional administrator role. If kernel code fails, the entire system crashes. In comparison, user processes can gracefully exit without affecting other processes. Also, if a kernel driver has any vulnerabilities, these can be exploited by bad actors to gain kernel access and bypass any security measures the user has in place.
Consumer Impact
Code running in the kernel presents numerous privacy and security concerns. It can read the memory of any running process, including apps and websites used for banking, passwords, and other highly sensitive actions. Additionally, it has full control over all hardware, including the capability to permanently damage or disable hardware components.
Many companies now require the use of proprietary drivers, such as kernel-level anti-cheats, in order to use applications that would work fine in user space. This gives these companies unrestricted access to a consumer's system, allowing for unmoderated data collection and control.
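A way to check which third-party drivers are loaded into the kernel, assuming a Linux system, where /proc/modules marks proprietary, out-of-tree and unsigned modules with taint letters. This is an added example, not part of the original article; the module names vendor_anticheat and vendor_sensor and the sample lines are constructed.

```python
import re
from pathlib import Path

# Taint letters the Linux kernel appends to a /proc/modules line.
TAINT_MEANING = {
    "P": "proprietary licence",
    "O": "out-of-tree (not shipped with the kernel)",
    "E": "unsigned",
    "F": "force-loaded",
    "C": "staging-quality",
}

# Constructed sample in /proc/modules format (hypothetical module names).
SAMPLE = """\
ext4 1003520 2 - Live 0xffffffffc0500000
e1000e 311296 0 - Live 0xffffffffc0420000
vendor_anticheat 86016 1 - Live 0xffffffffc0a10000 (POE)
vendor_sensor 245760 3 vendor_anticheat, Live 0xffffffffc0a40000 (OE)
"""

# Fields: name, size, refcount, dependencies, state, address, optional (taint).
LINE = re.compile(r"^(\S+) (\d+) (\S+) (\S+) (\S+) (\S+)(?: \(([^)]+)\))?\s*$")

def parse_modules(text):
    """Return one dict per loaded module: name, size in bytes, taint letters."""
    modules = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        name, size, _refs, _deps, _state, _addr, taint = m.groups()
        modules.append({"name": name, "size": int(size), "taint": taint or ""})
    return modules

def third_party(modules):
    """Modules whose taint letters show they did not ship with the kernel."""
    return [m for m in modules if set(m["taint"]) & {"P", "O", "E", "F"}]

def report(text):
    """One line per flagged module, spelling out what each taint letter means."""
    lines = []
    for m in third_party(parse_modules(text)):
        why = ", ".join(TAINT_MEANING[t] for t in m["taint"] if t in TAINT_MEANING)
        lines.append(f"{m['name']}: {why}")
    return lines

if __name__ == "__main__":
    proc = Path("/proc/modules")
    text = proc.read_text() if proc.exists() else SAMPLE
    print("\n".join(report(text)) or "no tainting modules loaded")
```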
Examples
- CrowdStrike
- Anti-cheats, like Easy Anti-Cheat and EA AntiCheat