Andrey Konovalov
@andreyknvl.bsky.social
150 followers 88 following 34 posts
Security engineer at http://xairy.io. Focusing on the Linux kernel. Maintaining @linkersec.bsky.social. Trainings at http://xairy.io/trainings.
Pinned
andreyknvl.bsky.social
Exploiting the Linux Kernel on October 26 — November 1 online via Ringzer0.

ringzer0.training/countermeaas...
andreyknvl.bsky.social
Delivered a workshop at BalCCon this weekend on emulating/sniffing/MitM'ing USB devices with Raw Gadget and a Raspberry Pi.

All materials are public, so you can go through the workshop on your own if you're interested.

github.com/xairy/raw-ga...
raw-gadget/workshop at master · xairy/raw-gadget
USB Raw Gadget — a low-level interface for the Linux USB Gadget subsystem - xairy/raw-gadget
github.com
andreyknvl.bsky.social
Updated syzkaller documentation on USB fuzzing to explain how to handle certain tricky cases (e.g. driver quirks applied based on Vendor/Product IDs).

github.com/google/syzka...
docs: update USB documentation · google/syzkaller@e2beed9
github.com
andreyknvl.bsky.social
I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.

Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.

bsky.app/profile/andr...
andreyknvl.bsky.social
Reaching code for CVE-2024-50302 (infoleak via Anton Touchpad) seems to require a bit more descriptions work: hid-multitouch.c is barely covered by syzbot. But the bug type is discoverable via KMSAN: it reports infoleaks over USB as kernel-usb-infoleak.

storage.googleapis.com/syzbot-asset...
andreyknvl.bsky.social
"Wrote" is a strong word for this, I just cleaned up the reproducer from this syzbot report:

syzkaller.appspot.com/bug?extid=fb...

The report has been public on the dashboard for over 2 months now. And there's plenty of other USB bugs that are still not fixed.
andreyknvl.bsky.social
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB.

Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels).

github.com/xairy/kernel...
andreyknvl.bsky.social
Whoever is coming to BalCCon: I will be teaching a workshop Attacking USB with Raw Gadget (covering basics of USB emulation and sniffing).

If you wish to attend, you must bring Raspberry Pi 5 along with a few other things, see the workshop description.

github.com/xairy/raw-ga...
Reposted by Andrey Konovalov
thezdi.bsky.social
Announcing #Pwn2Own Ireland for 2025! We return to the Emerald Isle with our new partner #Meta & a $1,000,000 WhatsApp bounty. Plus new USB vectors on phones & more. Read the details https://www.zerodayinitiative.com/blog/2025/7/30/pwn2own-returns-to-ireland-with-a-one-million-dollar-whatsapp-target
andreyknvl.bsky.social
Documented instructions for setting up KGDB on Pixel 8.

Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.

xairy.io/articles/pix...
📲 Debugging the Pixel 8 kernel via KGDB
Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8
xairy.io
Reposted by Andrey Konovalov
linkersec.bsky.social
Linux Kernel Hardening: Ten Years Deep

Talk by Kees Cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them.

Video: www.youtube.com/watch?v=c_Nx...
Slides: static.sched.com/hosted_files...
Reposted by Andrey Konovalov
linkersec.bsky.social
Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL

Xuan Xing & Eugene Rodionov gave a talk about fuzzing the Linux kernel interfaces fully in user space using LKL (Linux Kernel Library).

Video: www.youtube.com/watch?v=Wxmi...
Slides: static.sched.com/hosted_files...
Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL - Xuan Xing & Eugene Rodionov
YouTube video by The Linux Foundation
www.youtube.com
andreyknvl.bsky.social
Exploiting the Linux Kernel on October 6–9 in Paris at Hexacon @hexacon.bsky.social.

www.hexacon.fr/trainer/kono...
andreyknvl.bsky.social
Exploiting the Linux Kernel on September 1–3 in Berlin at Nullcon.

nullcon.net/berlin-2025/...
andreyknvl.bsky.social
Fuzzing the Linux Kernel on August 4–5 online via Black Hat US.

www.blackhat.com/us-25/traini...
andreyknvl.bsky.social
Schedule for my Fuzzing/Exploiting the Linux Kernel trainings for the rest of the year ⬇️
Reposted by Andrey Konovalov
linkersec.bsky.social
KernelGP: Racing Against the Android Kernel

Talk by Chariton Karamitas about ways to use FUSE for kernel exploitation from unprivileged SELinux contexts on Android.

www.youtube.com/watch?v=DJBG...
OffensiveCon25 - Chariton Karamitas - KernelGP: Racing Against the Android Kernel
YouTube video by OffensiveCon
www.youtube.com
Reposted by Andrey Konovalov
linkersec.bsky.social
Linux Kernel Exploitation series

Awesome series of articles by r1ru that outlines many commonly-used modern exploitation techniques.

r1ru.github.io/categories/l...
Reposted by Andrey Konovalov
sam4k.com
sam4k @sam4k.com · May 8
with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓

sam4k.com/page-table-k...
Kernel Exploitation Techniques: Turning The (Page) Tables
This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.
sam4k.com
andreyknvl.bsky.social
(If you use newer Ubuntu and the code formatting looks off, use File → Print preview; Ubuntu still hasn't fixed the issues with their monospace fonts.)