One mechanism that makes these buffer overflow attacks harder to implement is randomizing the address at which the stack is loaded. You can read more about this as part of address space randomization on Wikipedia.
The crux of the post as to why kernel address space layout randomization (KASLR) does not work too well is:
- Where the Linux kernel usually runs (on embedded systems), the limited address space leaves little leeway for randomizing the location of the stack.
- Once the kernel is running, it cannot dynamically change the location of the stack. Hence, once KASLR has been broken, it remains broken until the system is rebooted.
You can also read more about exploits involving KASLR on the LWN website.