Enhancing FineIBT
LWN article that describes the talk by Scott Constable and Sebastian Österlund about the ongoing work to improve FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking).
The article also refers to another post "A hole in FineIBT protection" about a method to bypass this CFI mechanism.
Slice: SAST + LLM Interprocedural Context Extractor
Amazing article by Caleb Gross about combining the use of CodeQL and LLMs to reliably rediscover CVE-2025-37899 — a remotely-triggerable vulnerability in the ksmbd module.
LinkPro: eBPF rootkit analysis
Théo Letailleur published an article with a detailed description of an eBPF rootkit that hides itself on the compromised system and activates its features upon receiving a "magic packet".
Synacktiv
Race Condition Symphony: From Tiny Idea to Pwnie
Slides from a talk by Hyunwoo Kim and Wongi Lee about exploiting CVE-2024-50264 — a race condition in the vsock subsystem.
Previously, Alexander Popov described another way to exploit this vulnerability.
CUDA de Grâce
Talk (slides) by Valentina Palmiotti and Samuel Lovejoy about exploiting a race condition that leads to a double-free in the NVIDIA GPU driver to escape a container created with NVIDIA Container Toolkit.
YouTube
HEXACON 2025 - CUDA de Grâce by Valentina Palmiotti & Samuel Lovejoy
Déjà Vu in Linux io_uring
Talk (slides) by Pumpkin about exploiting CVE-2025-21836 — a race condition that leads to a use-after-free in the io_uring subsystem.
YouTube
HEXACON 2025 - Déjà Vu in Linux io_uring by Pumpkin
An RbTree Family Drama
Talk (slides) by William Liu and Savino Dicanosa about exploiting CVE-2025-38001 — a use-after-free in the network packet scheduler.
The exploit was also covered in a previously posted article.
YouTube
HEXACON 2025 - An RbTree Family Drama by William Liu & Savino Dicanosa
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit
MatheuZSec published a detailed article about Singularity — a loadable kernel module rootkit developed for 6.x Linux kernels. The rootkit uses ftrace for hooking syscalls and hiding itself.
blog.kyntra.io
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit – Kyntra Blog
Deep dive into a modern stealth Linux kernel rootkit with advanced evasion and persistence techniques
CVE-2025-68260: rust_binder: fix race condition on death_list
The first CVE has been registered for the new Binder kernel driver written in Rust. The vulnerability is a race condition caused by a list operation in an unsafe code block.
mediatek? more like media-rekt, amirite.
Article by hypr covering an assortment of bugs the author found in the MediaTek MT76xx and MT7915 Wi-Fi drivers.
The article also describes the nonsensical responses MediaTek gave to the bug reports, seemingly trying to weasel out of assigning a High impact rating to the reported bugs.
hyprblog
mediatek? more like media-REKT, amirite.
A year-in-review going over 19+ bugs in Mediatek’s MT76xx/MT7915 (and others) wifi chipsets I reported this year, PoCs included!
Dangling pointers, fragile memory — from an undisclosed vulnerability to Pixel 9 Pro privilege escalation
Article about analyzing and exploiting a race condition that leads to a double-free in the Arm Mali GPU driver.
京东獬豸信息安全实验室 (JD.com Xiezhi Information Security Lab)
Dangling pointers, fragile memory: from an undisclosed vulnerability to Pixel 9 Pro privilege escalation
Because of their tight coupling with memory management, GPU drivers have become a fairly valuable attack surface in the Android kernel in recent years. There are quite a few GPU-related CVEs, but only a very small number of those vulnerabilities have been publicly analyzed, and security bulletins do not discuss vulnerability details, so the patches in each release have become an important clue for analyzing the vulnerabilities.