Linux Kernel Security
linkersec.bsky.social
Links related to Linux kernel security and exploitation.
Maintained by @andreyknvl.bsky.social and Alexander Popov.
Also on https://t.me/linkersec, https://x.com/linkersec, and https://infosec.exchange/@linkersec.
Article series about exploiting CVE-2025-38352

Faith posted three articles about exploiting a race condition in the implementation of POSIX CPU timers.

Part 1️⃣ describes reproducing this race condition:

faith2dxy.xyz/2025-12-22/c...
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Analyzing and writing a PoC for CVE-2025-38352.
January 19, 2026 at 4:56 PM
Dangling pointers, fragile memory — from an undisclosed vulnerability to Pixel 9 Pro privilege escalation

Article about analyzing and exploiting a race condition that leads to a double-free in the Arm Mali GPU driver.

dawnslab.jd.com/Pixel_9_Pro_...
Because of its tight coupling with memory management, the GPU driver has become a comparatively valuable attack surface in the Android kernel in recent years. There are quite a few GPU-related CVEs, but only a small number of them have been publicly analyzed, and security bulletins do not discuss vulnerability details, so the patch in each release has become an important clue for analyzing these vulnerabilities.
January 9, 2026 at 2:11 AM
mediatek? more like media-rekt, amirite.

Article by hypr covering an assortment of bugs the author found in the MediaTek MT76xx and MT7915 Wi-Fi drivers.

blog.coffinsec.com/0days/2025/1...
A year-in-review going over 19+ bugs in Mediatek’s MT76xx/MT7915 (and others) wifi chipsets I reported this year, PoCs included!
January 5, 2026 at 11:43 PM
CVE-2025-68260: rust_binder: fix race condition on death_list

The first CVE has been registered for the new Binder kernel driver written in Rust. The vulnerability is a race condition caused by a list operation in an unsafe code block.

lore.kernel.org/linux-cve-an...
December 22, 2025 at 7:07 PM
MatheuZSec published a detailed article about Singularity — a loadable kernel module rootkit developed for 6.x Linux kernels. The rootkit uses ftrace for hooking syscalls and hiding itself.

Article: blog.kyntra.io/Singularity-...
Code: github.com/MatheuZSecur...
Singularity: Deep Dive into a Modern Stealth Linux Kernel Rootkit – Kyntra Blog
Deep dive into a modern stealth Linux kernel rootkit with advanced evasion and persistence techniques
December 18, 2025 at 1:39 AM
Extending Kernel Race Windows Using '/dev/shm'

Article by Faith about extending race condition windows via FALLOC_FL_PUNCH_HOLE. The technique allows delaying user memory accesses from kernel mode, similar to userfaultfd and FUSE.

faith2dxy.xyz/2025-11-28/e...
December 16, 2025 at 12:02 AM
An RbTree Family Drama

Talk by William Liu and Savino Dicanosa @cor_ctf about exploiting CVE-2025-38001 — a use-after-free in the network packet scheduler.

Video: www.youtube.com/watch?v=C-52...
Slides: storage.googleapis.com/static.cor.t...
HEXACON 2025 - An RbTree Family Drama by William Liu & Savino Dicanosa
December 10, 2025 at 1:58 AM
Déjà Vu in Linux io_uring

Talk by Pumpkin about exploiting CVE-2025-21836 — a race condition that leads to a use-after-free in the io_uring subsystem.

Video: www.youtube.com/watch?v=Ry4e...
Slides: u1f383.github.io/slides/talks...
HEXACON 2025 - Déjà Vu in Linux io_uring by Pumpkin
December 6, 2025 at 12:44 AM
CUDA de Grâce

Talk by @chompie.rip and Samuel Lovejoy about exploiting a race condition that leads to a double-free in the NVIDIA GPU driver to escape a container created with NVIDIA Container Toolkit.

Video: www.youtube.com/watch?v=Lvz2...
Slides: docs.google.com/presentation...
HEXACON 2025 - CUDA de Grâce by Valentina Palmiotti & Samuel Lovejoy
December 5, 2025 at 2:01 AM
Race Condition Symphony: From Tiny Idea to Pwnie

Slides from a talk by Hyunwoo Kim and Wongi Lee about exploiting CVE-2024-50264 — a race condition in the vsock subsystem.

powerofcommunity.net/2025/slide/h...
November 25, 2025 at 1:50 AM
LinkPro: eBPF rootkit analysis

Théo Letailleur published an article with a detailed description of an eBPF rootkit that hides itself on the compromised system and activates its features upon receiving a "magic packet".

www.synacktiv.com/en/publicati...
November 21, 2025 at 1:47 AM
Slice: SAST + LLM Interprocedural Context Extractor

Amazing article by Caleb Gross about combining CodeQL and LLMs to reliably rediscover CVE-2025-37899 — a remotely triggerable vulnerability in the ksmbd module.

noperator.dev/posts/slice/
November 18, 2025 at 12:48 AM
Enhancing FineIBT

@lwndotnet.bsky.social article that describes the talk by Scott Constable and Sebastian Österlund about the ongoing work to improve FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking).

lwn.net/Articles/103...
November 14, 2025 at 1:22 PM
Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE

Talk by Pan Zhenpeng and Jheng Bing Jhong about exploiting a logical bug in the Pixel GXP driver that allows overwriting read-only files.

Video: www.youtube.com/watch?v=_iSw...
Slides: hitcon.org/2025/slides/...
November 13, 2025 at 8:01 PM
Exploiting CVE-2025-21479 on a Samsung S23

Article by XploitBengineer about exploiting a logical bug in the Qualcomm Adreno GPU firmware to take over the kernel on a Samsung S23 via a combination of page table attacks.

xploitbengineer.github.io/CVE-2025-21479
November 11, 2025 at 6:09 PM
LPE via refcount imbalance in the af_unix of Ubuntu

Article and exploit by kylebot for a refcount imbalance bug in the Ubuntu kernel's Unix sockets implementation disclosed during the TyphoonPWN 2025 competition.

ssd-disclosure.com/lpe-via-refc...
November 11, 2025 at 12:42 AM
kernelCTF: CVE-2025-38477

kernelCTF entry for a race condition in the network scheduler subsystem.

Most notably, it shows a technique of placing controlled data in unmapped sections of vmlinux.

github.com/n132/securit...
November 7, 2025 at 8:11 PM
Defeating KASLR by Doing Nothing at All

Article by Seth Jenkins about a few problems with physical memory KASLR on arm64 devices.

googleprojectzero.blogspot.com/2025/11/defe...
November 6, 2025 at 4:13 PM
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers

Article by Robin Bastide about exploiting a NULL pointer dereference that leads to a UAF access to the kernel stack in the NVIDIA GPU driver.

blog.quarkslab.com/nvidia_gpu_k...
October 25, 2025 at 12:44 AM
ksmbd - Exploiting CVE-2025-37947

Article by Norbert Szetei about locally exploiting CVE-2025-37947 — a page OOB write in the ksmbd module.

Article: blog.doyensec.com/2025/10/08/k...
Exploit: github.com/doyensec/KSM...
October 24, 2025 at 12:38 AM
Dirty Pageflags: Revisiting PTE Exploitation in Linux

Article by ptr-yudai on the exploitation technique of overwriting the R/W flag in a PTE to allow writing into read-only files.

ptr-yudai.hatenablog.com/entry/2025/0...
October 2, 2025 at 1:32 PM
Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days

William Liu posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE.

www.willsroot.io/2025/09/ksmb...
October 1, 2025 at 11:12 PM
The anatomy of a bug: 6 Months at STAR Labs

Gerrard Tai posted an article describing their experience in finding kernel bugs and participating in the KernelCTF and Pwn2Own competitions.

gerrardtai.com/anatomy-of-a...
September 30, 2025 at 10:11 PM
A Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched Fuzzing

Article by Will's Root about fixing the false positive soft lockups encountered when fuzzing the network scheduler subsystem with syzkaller.

www.willsroot.io/2025/09/syz-...
September 26, 2025 at 1:17 PM
corCTF 2025 - corphone

Article by Pumpkin about exploiting a UAF in a custom Android kernel module created for a CTF task.

u1f383.github.io/android/2025...
September 24, 2025 at 1:19 PM