Bad Binder: Android In-The-Wild Exploit (Project Zero)
Posted Nov 27, 2019 13:02 UTC (Wed) by rweikusat2 (subscriber, #117920)
In reply to: Bad Binder: Android In-The-Wild Exploit (Project Zero) by mfuzzey
Parent article: Bad Binder: Android In-The-Wild Exploit (Project Zero)
The original slab allocator, as conceived by Jeff Bonwick, was a generalized way to allocate typed objects and cache already initialized but currently unused objects for future reuse. And that's what the slab/slub/slob allocators in Linux do as well. kmalloc is just a convenience interface on top of that which reintroduces size-based aggregation of memory chunks through the backdoor. And one drawback of this is that it means use-after-free errors are fairly easily exploitable because memory which used to hold some trusted information may be handed out to untrusted code to use as it sees fit while other trusted code still has a pointer to it.
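The reuse pattern the comment describes, as an added toy model for this page (it is not Linux slab code and not from the Project Zero write-up): a single LIFO free list stands in for a slab freelist, and the same allocator is run once as a kmalloc-style size class shared by every type and once as one cache per type. The `cred_like` and `user_buf` structs, the 32-byte chunk size and the LIFO reuse order are assumptions made for the illustration; the stale pointer, the premature free and the attacker-controlled refill are the parts that map onto a real use-after-free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy fixed-size chunk cache with a LIFO freelist (an assumption for the
 * illustration; real slab freelists have more structure). It is used both as
 * a Bonwick-style per-type cache and as a kmalloc-style per-size cache. */
#define CHUNK   32
#define NCHUNKS 8

typedef struct {
    unsigned char mem[NCHUNKS][CHUNK];
    int free_stack[NCHUNKS];   /* indices of free chunks, most recently freed on top */
    int nfree;
} chunk_cache;

static void cache_init(chunk_cache *c) {
    memset(c->mem, 0, sizeof c->mem);
    c->nfree = 0;
    for (int i = NCHUNKS - 1; i >= 0; i--)
        c->free_stack[c->nfree++] = i;
}

static void *cache_alloc(chunk_cache *c, size_t n) {
    if (n > CHUNK || c->nfree == 0) return NULL;
    return c->mem[c->free_stack[--c->nfree]];   /* hand out the last freed chunk first */
}

static void cache_free(chunk_cache *c, void *p) {
    int idx = (int)(((unsigned char *)p - c->mem[0]) / CHUNK);
    c->free_stack[c->nfree++] = idx;
}

/* Two unrelated objects that happen to have the same size (assumed layouts). */
struct cred_like { uint32_t uid; uint32_t caps; char pad[CHUNK - 8]; }; /* trusted state */
struct user_buf  { unsigned char data[CHUNK]; };                         /* untrusted bytes */

/* The bug: one path frees the object while another still holds a pointer.
 * Returns the uid the trusted path reads through its stale pointer and
 * reports whether the untrusted buffer landed on the same chunk. */
static uint32_t run_scenario(chunk_cache *cred_cache, chunk_cache *buf_cache,
                             bool *aliased)
{
    struct cred_like *cred = cache_alloc(cred_cache, sizeof *cred);
    if (cred == NULL) return UINT32_MAX;
    cred->uid = 1000;
    cred->caps = 0;
    struct cred_like *dangling = cred;     /* kept by another code path */

    cache_free(cred_cache, cred);          /* premature free: the use-after-free bug */

    /* Untrusted code now requests a same-sized object and fills it freely. */
    struct user_buf *ub = cache_alloc(buf_cache, sizeof *ub);
    if (ub == NULL) return UINT32_MAX;
    memset(ub->data, 0, sizeof ub->data);  /* attacker picks the bytes: uid 0 */

    *aliased = ((void *)ub == (void *)dangling);
    return dangling->uid;                  /* trusted path trusts stale memory */
}

/* kmalloc model: both types draw from the one 32-byte size class. */
uint32_t demo_size_class(bool *aliased) {
    static chunk_cache kmalloc_32;
    cache_init(&kmalloc_32);
    return run_scenario(&kmalloc_32, &kmalloc_32, aliased);
}

/* Typed-cache model: each type has its own cache, like a dedicated kmem_cache. */
uint32_t demo_typed_cache(bool *aliased) {
    static chunk_cache cred_cache, buf_cache;
    cache_init(&cred_cache);
    cache_init(&buf_cache);
    return run_scenario(&cred_cache, &buf_cache, aliased);
}

int main(void) {
    bool a, b;
    uint32_t u1 = demo_size_class(&a);
    uint32_t u2 = demo_typed_cache(&b);
    printf("shared size class: stale uid=%u, chunk reused by user buffer=%s\n",
           u1, a ? "yes" : "no");
    printf("per-type caches:   stale uid=%u, chunk reused by user buffer=%s\n",
           u2, b ? "yes" : "no");
    return 0;
}
```

In the shared-size-class run the freed `cred_like` chunk is the next thing handed out, so the untrusted fill overwrites `uid` and the stale pointer reads 0. With per-type caches the chunk can only go back to another `cred_like`, so the same bug leaves the stale pointer looking at old but not attacker-written data. The dangling pointer is still a bug in both runs; the model only shows why size-based aggregation turns it into a direct path to attacker-controlled contents.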
