Linux Kernel Security
@linkersec.bsky.social
160 followers 0 following 80 posts
Links related to Linux kernel security and exploitation. Maintained by @andreyknvl.bsky.social and Alexander Popov. Also on https://t.me/linkersec, https://x.com/linkersec, and https://infosec.exchange/@linkersec.
linkersec.bsky.social
Dirty Pageflags: Revisiting PTE Exploitation in Linux

Article by ptr-yudai on the exploitation technique of overwriting the R/W flag in a PTE entry to allow writing into read-only files.

ptr-yudai.hatenablog.com/entry/2025/0...
linkersec.bsky.social
Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days

William Liu posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE.

www.willsroot.io/2025/09/ksmb...
linkersec.bsky.social
The anatomy of a bug: 6 Months at STAR Labs

Gerrard Tai posted an article describing their experience in finding kernel bugs and participating in the KernelCTF and Pwn2Own competitions.

gerrardtai.com/anatomy-of-a...
linkersec.bsky.social
The article also gives a summary about the exploitable bugs the author managed to find in the same subsystem.
linkersec.bsky.social
A Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched Fuzzing

Article by Will's Root about fixing the soft lockup bug found when fuzzing the network scheduler subsystem with syzkaller.

www.willsroot.io/2025/09/syz-...
linkersec.bsky.social
The exploit gains control over the page tables and overwrites the kernel code to bypass SELinux and escalate privileges.

u1f383.github.io/assets/corct...
linkersec.bsky.social
corCTF 2025 - corphone

Article by Pumpkin about exploiting a UAF in a custom Android kernel module created for a CTF task.

u1f383.github.io/android/2025...
linkersec.bsky.social
Exploit for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB.
andreyknvl.bsky.social
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB.

Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels).

github.com/xairy/kernel...
linkersec.bsky.social
Covers the improvements made to the fuzzer since the previous article. These improvements allowed finding an impressive 23 bugs in ksmbd.

blog.doyensec.com/2025/01/07/k...
linkersec.bsky.social
ksmbd - Fuzzing Improvements and Vulnerability Discovery

Another article by Norbert Szetei about fuzzing the ksmbd module with syzkaller.

blog.doyensec.com/2025/09/02/k...
linkersec.bsky.social
arm64: Linear mapping is mapped at the same static virtual address

Bug report by Seth Jenkins and Jann Horn showing that the physmap region is mapped at a fixed virtual address on Android despite KASLR.

project-zero.issues.chromium.org/issues/43420...
linkersec.bsky.social
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel

Alexander Popov published an article about exploiting a race condition in the AF_VSOCK subsystem, the bug that received a Pwnie Award 2025.

a13xp0p0v.github.io/2025/09/02/k...
linkersec.bsky.social
The article contains many interesting notes and takeaways on writing kernel exploits that work from within the Chrome renderer sandbox.
linkersec.bsky.social
From Chrome renderer code exec to kernel with MSG_OOB

Jann Horn posted an article about exploiting CVE-2025-38236, a UAF in UNIX domain sockets.

googleprojectzero.blogspot.com/2025/08/from...
linkersec.bsky.social
Setting up kernel exploit debugging environment on Pixel 8 ⬇️
andreyknvl.bsky.social
Documented instructions for setting up KGDB on Pixel 8.

Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.

xairy.io/articles/pix...
📲 Debugging the Pixel 8 kernel via KGDB
Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8
linkersec.bsky.social
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit

Article by Hoàng Hải Long about finding an unfixed netfilter use-after-free bug reported by syzbot. The researcher exploited it to pwn the kernelCTF COS instance.

seadragnol.github.io/posts/CVE-20...
linkersec.bsky.social
Fuzzing Linux Kernel Modules, with Slava Moskvin

Stream by @sl4v.bsky.social hosted by @steph3nsims.bsky.social about building a custom fuzzer to rediscover CVE-2025-0927 in the HFS+ filesystem implementation.

www.youtube.com/live/uCcsZrX...
Fuzzing Linux Kernel Modules, with Slava Moskvin
YouTube video by Off By One Security
linkersec.bsky.social
Linux Kernel Hardening: Ten Years Deep

Talk by Kees Cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them.

Video: www.youtube.com/watch?v=c_Nx...
Slides: static.sched.com/hosted_files...
linkersec.bsky.social
Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL

Xuan Xing & Eugene Rodionov gave a talk about fuzzing the Linux kernel interfaces fully in user space using LKL (Linux Kernel Library).

Video: www.youtube.com/watch?v=Wxmi...
Slides: static.sched.com/hosted_files...
Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL - Xuan Xing & Eugene Rodionov
YouTube video by The Linux Foundation
linkersec.bsky.social
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction

Article by Pumpkin about the internals of Ubuntu's implementation of restricting unprivileged user namespaces and figuring out another bypass method.

u1f383.github.io/linux/2025/0...