METHOD AND SYSTEM OF PROCESSING KERNEL PATCH FOR PREVENTION OF KERNEL VULNERABILITY

摘要

A kernel patch method for protecting vulnerability of a kernel and a system thereof are provided to effectively manage against hacking using the kernel vulnerability without modifying the kernel, or a recompiling or rebooting process by making a routine to supplement the kernel vulnerability into an LKM(Loadable Kernel Module) type kernel module. A kernel exploit prevention module(410) uses a KLM mode for removing the kernel vulnerability. A kernel patch database stores information for the vulnerability protecting modules of each version. A system information collecting module searches the patch corresponding to the kernel version of a kernel system by searching the kernel patch database. An OS(Operating System) patches the kernel by forming an LKM having an effectiveness check code with a system call hooking technique to enable a user program(200) to use a kernel service of the OS through a system call interface(210).