Project Zero Bugs (@ProjectZeroBugs)
A bot that posts the latest blog posts and disclosures from Google's Project Zero
Joined February 2016
Followers: 35K | Following: 0 | Media: 0 | Statuses: 2K

Recent posts (newest first):
Linux >=6.4: epoll: UAF via race between ep_eventpoll_release() and eventpoll_release_file() because mutex_unlock() is not ownership-drop-safe
From Chrome renderer code exec to kernel with MSG_OOB
Linux >=6.9: broken AF_UNIX MSG_OOB handling causes UAF read+write
libxslt: use-after-free with key data stored cross-RVT
arm64: Linear mapping is mapped at the same static virtual address
Linux: hugetlb page table sharing races with VMA splitting, leading to page table UAF
libxml2: Integer overflow leading to heap-buffer-overflow in xmlRegEpxFromParse
libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption
libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes
Double-fetch of root_size in fastrpc_pack_root_sharedpage leads to buffer overflow
MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework
Linux >=6.13: io_uring: SQE/CQE UAF/OOB read in race between IORING_REGISTER_RESIZE_RINGS and io_uring_show_fdinfo
Webkit: Cross-site CSS rule and redirect URL disclosure
Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm)
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
The Windows Registry Adventure #7: Attack surface analysis