Linux currently (November 2017, kernel 4.14) uses a weak
that maps chunks at constant distances to each other into the virtual address
space. To show that this can be problematic, we developed two attacks that show
how to escalate Array-Out-of-Bounds-Writes to code execution by overwriting
internal data structures used by
ld.so. Details, Proof-of-Concept-Code, and an
academic Paper can be found on github.