Hardening the kernel against heap-spraying attacks

Post Syndicated from corbet original https://lwn.net/Articles/965837/

While a programming error in the kernel may be subject to direct
exploitation, usually a more roundabout approach is required to take
advantage of a security bug. One popular technique for those wishing to
exploit vulnerabilities is heap spraying, and
it has often been employed to compromise the kernel. In the future,
though, heap-spraying attacks may be a bit harder to pull off, thanks to the
“dedicated bucket allocator”
proposed by Kees Cook.