The existing collection of links related to Linux kernel security and exploitation is here:
https://github.com/xairy/linux-kernel-exploitation
New articles, talks, and other updates will be published as new posts on this channel.
https://github.com/xairy/linux-kernel-exploitation
New articles, talks, and other updates will be published as new posts on this channel.
Linux Kernel Security pinned «The existing collection of links related to Linux kernel security and exploitation is here: https://github.com/xairy/linux-kernel-exploitation New articles, talks, and other updates will be published as new posts on this channel.»
Linux kernel exploitation collection updates
Materials updates for September/October.
https://github.com/xairy/linux-kernel-exploitation/commit/bedc708384015c8c5535d6ee947363659fbf4227
Materials updates for September/October.
https://github.com/xairy/linux-kernel-exploitation/commit/bedc708384015c8c5535d6ee947363659fbf4227
GitHub
September/October updates · xairy/linux-kernel-exploitation@bedc708
A collection of links related to Linux kernel security and exploitation - xairy/linux-kernel-exploitation
Fuzzing for eBPF JIT bugs in the Linux kernel
By Simon Scannell.
https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
By Simon Scannell.
https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/
The Linux eBPF verifier, the gift that keeps on giving
An LPE exploit for CVE-2020-27194.
https://haxx.in/blasty-vs-ebpf.c
An LPE exploit for CVE-2020-27194.
https://haxx.in/blasty-vs-ebpf.c
kasan: boot parameters for hardware tag-based mode
Patchset, part of the Memory Tagging in production effort.
https://lkml.org/lkml/2020/11/4/1338
Patchset, part of the Memory Tagging in production effort.
https://lkml.org/lkml/2020/11/4/1338
PLATYPUS: Software-based Power Side-Channel Attacks on x86
Side-channel attack via Intel Running Average Power Limit (RAPL). On Linux RAPL counters are available to unprivileged users, and the attack allows leaking encryption keys from kernel modules and bypassing KASLR.
Info: https://platypusattack.com/
Paper: https://platypusattack.com/platypus.pdf
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71
Side-channel attack via Intel Running Average Power Limit (RAPL). On Linux RAPL counters are available to unprivileged users, and the attack allows leaking encryption keys from kernel modules and bypassing KASLR.
Info: https://platypusattack.com/
Paper: https://platypusattack.com/platypus.pdf
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71
We now have a chat for comments and discussions: @linkersec_chat
Debugging the Kernel with QEMU by Keith Makan
The first post of a potential upcoming Linux kernel exploitation series. Building and running Linux kernel in QEMU. Debugging a kernel module with GDB.
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html
The first post of a potential upcoming Linux kernel exploitation series. Building and running Linux kernel in QEMU. Debugging a kernel module with GDB.
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html
K3170Makan
[Linux Kernel Exploitation 0x0] Debugging the Kernel with QEMU
Hacking,Information Security,Penetration Testing,Google Hacking,Google Dorking,Keith Makan,Black Hat,Security Research,InfoSec,Web Site Security
Finding and exploiting a bug in an old Android phone
Finding and exploiting a Linux kernel bug in an old Motorola phone. A stream, live right now! By Brandon Falk.
Live: https://www.twitch.tv/gamozo
Part 1: https://www.youtube.com/watch?v=g62FXds2pt8
Part 2: https://www.youtube.com/watch?v=qnyFk-f3Koo
Finding and exploiting a Linux kernel bug in an old Motorola phone. A stream, live right now! By Brandon Falk.
Live: https://www.twitch.tv/gamozo
Part 1: https://www.youtube.com/watch?v=g62FXds2pt8
Part 2: https://www.youtube.com/watch?v=qnyFk-f3Koo
Twitch
gamozo - Twitch
I do high-performance programming
Linux Kernel Bug Fixing Mentorship
Himadri Pandya, a Linux kernel bug fixing mentee, describes their experience with fixing a few USB related Linux kernel bugs.
https://himadripandya.me/post/634481719919165440/linux-kernel-bug-fixing-mentorship
Himadri Pandya, a Linux kernel bug fixing mentee, describes their experience with fixing a few USB related Linux kernel bugs.
https://himadripandya.me/post/634481719919165440/linux-kernel-bug-fixing-mentorship
Himadri Pandya's Blog
Linux Kernel Bug Fixing Mentorship
I recently finished a three months long CommunityBridge(now knows as LFX) mentorship with The Linux Foundation. I worked as a Linux kernel bug fixing mentee under Greg Kroah-Hartman. This post is about my experience and work during the mentorship program.…
Linux Kernel Heap Quarantine testing and review
Kees Cook is testing Linux Kernel Heap Quarantine developed by Alexander Popov (me).
I'll post an article about the kernel heap experiment soon.
Recording: https://youtube.com/watch?v=1sBMwnKNSw0
Patch series:
https://www.openwall.com/lists/kernel-hardening/2020/09/29/2
Kees Cook is testing Linux Kernel Heap Quarantine developed by Alexander Popov (me).
I'll post an article about the kernel heap experiment soon.
Recording: https://youtube.com/watch?v=1sBMwnKNSw0
Patch series:
https://www.openwall.com/lists/kernel-hardening/2020/09/29/2
YouTube
2020-10-06: Tooling, SLAB quarantine
Stream 5: 2020-10-06 Twitch Stream
https://twitch.tv/keescook/about
Topics
- Tooling
https://github.com/kees/kernel-tools
- SLAB quarantine
https://lore.kernel.org/lkml/20200929183513.380760-1-alex.popov@linux.com/
https://twitch.tv/keescook/about
Topics
- Tooling
https://github.com/kees/kernel-tools
- SLAB quarantine
https://lore.kernel.org/lkml/20200929183513.380760-1-alex.popov@linux.com/
Samsung NPU (Neural Processing Unit) memory corruption in shared memory parsing
P0 researchers Ben Hawkes and Brandon Azad found a few kernel bugs affecting Galaxy S10 and Galaxy S20. The report includes a proof-of-concept exploit that obtains kernel read/write/execute primitive.
Info: https://bugs.chromium.org/p/project-zero/issues/detail?id=2073
Exploit: https://bugs.chromium.org/p/project-zero/issues/detail?id=2073#c1
P0 researchers Ben Hawkes and Brandon Azad found a few kernel bugs affecting Galaxy S10 and Galaxy S20. The report includes a proof-of-concept exploit that obtains kernel read/write/execute primitive.
Info: https://bugs.chromium.org/p/project-zero/issues/detail?id=2073
Exploit: https://bugs.chromium.org/p/project-zero/issues/detail?id=2073#c1
Explaining the exploit and rants by Brandon Falk
Brandon Falk summarizes the work done on a bug in an old Motorola phone he found and exploited on stream a couple of days ago.
https://www.youtube.com/watch?v=t-t7D0vQNmo
Brandon Falk summarizes the work done on a bug in an old Motorola phone he found and exploited on stream a couple of days ago.
https://www.youtube.com/watch?v=t-t7D0vQNmo
YouTube
Explaining the exploit we wrote and rants
Here is a short stream, we just explain the exploit we wrote and rant a bit about random things.
grsecurity is nominated for a PWNIE Award 2020 as the Lamest Vendor Response
Nomination
https://pwnies.com/nominations/active/lamest-vendor-response/open-source-security-inc-grsecurity-pax
Report
Control-Flow Integrity for the Linux kernel: A Security Evaluation (by Federico Bento): https://repositorio-aberto.up.pt/bitstream/10216/125357/2/374717.pdf
Nomination
https://pwnies.com/nominations/active/lamest-vendor-response/open-source-security-inc-grsecurity-pax
Report
Control-Flow Integrity for the Linux kernel: A Security Evaluation (by Federico Bento): https://repositorio-aberto.up.pt/bitstream/10216/125357/2/374717.pdf