Linux Kernel Security – Telegram
Links related to Linux kernel security and exploitation | Chat @linkersec_chat | @xairy @a13xp0p0v
kernelCTF: CVE-2025-38477

kernelCTF entry for a race condition in the network scheduler subsystem.

Most notably, it shows a technique for putting controlled data into unmapped sections of vmlinux.
LPE via refcount imbalance in the af_unix of Ubuntu

Article and exploit by kylebot for a refcount imbalance bug in the Ubuntu kernel's Unix sockets implementation disclosed during the TyphoonPWN 2025 competition.
Exploiting CVE-2025-21479 on a Samsung S23

Article by XploitBengineer about exploiting a logical bug in the Qualcomm Adreno GPU firmware to take over the kernel on Samsung S23 via a combination of page table attacks.
Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE

Talk (slides) by Pan Zhenpeng and Jheng Bing Jhong about exploiting a logical bug in the Pixel GXP driver that allows overwriting read-only files.
Enhancing FineIBT

LWN article that describes the talk by Scott Constable and Sebastian Österlund about the ongoing work to improve FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking).

The article also refers to another post "A hole in FineIBT protection" about a method to bypass this CFI mechanism.
Slice: SAST + LLM Interprocedural Context Extractor

Amazing article by Caleb Gross about combining the use of CodeQL and LLMs to reliably rediscover CVE-2025-37899 — a remotely-triggerable vulnerability in the ksmbd module.
LinkPro: eBPF rootkit analysis

Théo Letailleur published an article with a detailed description of an eBPF rootkit that hides itself on the compromised system and activates its features upon receiving a "magic packet".
Race Condition Symphony: From Tiny Idea to Pwnie

Slides from a talk by Hyunwoo Kim and Wongi Lee about exploiting CVE-2024-50264 — a race condition in the vsock subsystem.

Previously, Alexander Popov described another way to exploit this vulnerability.
CUDA de Grâce

Talk (slides) by Valentina Palmiotti and Samuel Lovejoy about exploiting a race condition that leads to a double-free in the NVIDIA GPU driver to escape a container created with NVIDIA Container Toolkit.
Déjà Vu in Linux io_uring

Talk (slides) by Pumpkin about exploiting CVE-2025-21836 — a race condition that leads to a use-after-free in the io_uring subsystem.
An RbTree Family Drama

Talk (slides) by William Liu and Savino Dicanosa about exploiting CVE-2025-38001 — a use-after-free in the network packet scheduler.

The exploit was also covered in a previously posted article.
Extending Kernel Race Windows Using '/dev/shm'

Article by Faith about extending race condition windows via FALLOC_FL_PUNCH_HOLE. The technique allows delaying user memory accesses from kernel mode, similar to userfaultfd and FUSE.
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit

MatheuZSec published a detailed article about Singularity — a loadable kernel module rootkit developed for 6.x Linux kernels. The rootkit uses ftrace for hooking syscalls and hiding itself.
CVE-2025-68260: rust_binder: fix race condition on death_list

First CVE was registered for the new Binder kernel driver written in Rust. The vulnerability is a race condition caused by a list operation in an unsafe code block.