The existing collection of links related to Linux kernel security and exploitation is here:
https://github.com/xairy/linux-kernel-exploitation
New articles, talks, and other updates will be published as new posts on this channel.
https://github.com/xairy/linux-kernel-exploitation
New articles, talks, and other updates will be published as new posts on this channel.
Linux Kernel Security pinned «The existing collection of links related to Linux kernel security and exploitation is here: https://github.com/xairy/linux-kernel-exploitation New articles, talks, and other updates will be published as new posts on this channel.»
Linux kernel exploitation collection updates
Materials updates for September/October.
https://github.com/xairy/linux-kernel-exploitation/commit/bedc708384015c8c5535d6ee947363659fbf4227
Materials updates for September/October.
https://github.com/xairy/linux-kernel-exploitation/commit/bedc708384015c8c5535d6ee947363659fbf4227
GitHub
September/October updates · xairy/linux-kernel-exploitation@bedc708
A collection of links related to Linux kernel security and exploitation - xairy/linux-kernel-exploitation
Fuzzing for eBPF JIT bugs in the Linux kernel
By Simon Scannell.
https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
By Simon Scannell.
https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
The Linux eBPF verifier, the gift that keeps on giving
An LPE exploit for CVE-2020-27194.
https://haxx.in/blasty-vs-ebpf.c
An LPE exploit for CVE-2020-27194.
https://haxx.in/blasty-vs-ebpf.c
kasan: boot parameters for hardware tag-based mode
Patchset, part of the Memory Tagging in production effort.
https://lkml.org/lkml/2020/11/4/1338
Patchset, part of the Memory Tagging in production effort.
https://lkml.org/lkml/2020/11/4/1338
PLATYPUS: Software-based Power Side-Channel Attacks on x86
Side-channel attack via Intel Running Average Power Limit (RAPL). On Linux RAPL counters are available to unprivileged users, and the attack allows leaking encryption keys from kernel modules and bypassing KASLR.
Info: https://platypusattack.com/
Paper: https://platypusattack.com/platypus.pdf
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71
Side-channel attack via Intel Running Average Power Limit (RAPL). On Linux RAPL counters are available to unprivileged users, and the attack allows leaking encryption keys from kernel modules and bypassing KASLR.
Info: https://platypusattack.com/
Paper: https://platypusattack.com/platypus.pdf
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71
We now have a chat for comments and discussions: @linkersec_chat