The researchers leaked the kernel base address using the EntryBleed side-channel attack and then turned the UAF on the vsock_sock structure into a RIP control primitive to execute a ROP-chain.

Exploiting the CVE-2025-21756 1-day vulnerability. @v4bel and @_qwerty_po posted a kernelCTF report about exploiting a UAF in the vsock subsystem of the Linux kernel:.

Solo: A Pixel 6 Pro Story (When one bug is all you need). Awesome article by Lin Ze Wei about adapting the Pixel 7/8 exploit for a bug in the Mali GPU driver to Pixel 6 Pro.

Author published an exploit for this bug that disable SELinux and gains root privileges on Pixel 8 running from the untrusted_app context. The exploit is not affected by MTE.

Bypassing MTE with CVE-2025-0072. Article by @mmolgtm about exploiting a page use-after-free vulnerability in the ARM's Mali GPU driver in the code that manages userspace-mapped pages.

The researcher had to rerun the prompt multiple times before getting a true-positive result. The o3 model managed to find the 0-day vulnerability in only ~1 out of 50 runs.

How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel's SMB implementation. Article by @seanhn about rediscovering a bug in the ksmbd module via the OpenAI's o3 model and then finding a 0-day vulnerability as well.

Based on a previously published article.

Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit. Talk by @__sethjenkins about analyzing the traces of an In-The-Wild exploit that targeted the Qualcomm adsprpc driver.

KernelGP: Racing Against the Android Kernel. Talk by Chariton Karamitas about ways to use FUSE for kernel exploitation from unprivileged SELinux contexts on Android.

Kernel Exploitation Techniques: Turning The (Page) Tables. Article by @sam4k1 giving a great introduction to the page table attacks.

Author exploited a severely-limited OOB side-effect of the bug to corrupt pipe_inode_info->tmp_page and gain a page UAF read/write primitive. Researcher then swapped the private_data and f_cred fields of a signalfd file structure and overwrote the credentials via signalfd_ctx.

[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds. Great article by D3vil about exploiting a type confusion in the network scheduler subsystem and pwning all kernelCTF instances.

A Quick Dive Into The Linux Kernel Page Allocator. Article by D3vil that explains the internals of the Page allocator.

Comes with the reference exploit code.

Linux Kernel Exploitation series. Awesome series of articles by @ri5255 that outlines many commonly-used modern exploitation techniques.

RISC-V support in kernel-hardening-checker!👇.

With an advice from @h0mbre_, the researcher used brute force to bypass KASLR and hijacked the control flow for LPE.

CVE-2025-21756: Attack of the Vsock. Michael Hoefler published an article about exploiting an incorrect reference counter decrement causing a UAF in the vsock subsystem.

Guidance on how to use syzkaller to find bugs in USB drivers that can be exploited by a malicious USB device 👇.