Linux Kernel Security Profile
Linux Kernel Security

@linkersec

Followers: 10K
Following: 0
Media: 101
Statuses: 371

Links related to Linux kernel security and exploitation. Maintained by @andreyknvl and @a13xp0p0v. Also on https://t.co/GVE11dpBb8 and https://t.co/YpxPWXnA6Z.

Joined September 2021
@linkersec
Linux Kernel Security
14 hours
Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE
Talk by @Peterpan980927 and @st424204 about exploiting a logical bug in the Pixel GXP driver that allows overwriting read-only files.
Video: https://t.co/NOxQEwnzjm
Slides: https://t.co/GJtuvtBp3z
2
24
109
@linkersec
Linux Kernel Security
3 days
Exploiting CVE-2025-21479 on a Samsung S23
Article by @XploitBengineer about exploiting a logical bug in the Qualcomm Adreno GPU firmware to take over the kernel on Samsung S23 via a combination of page table attacks. https://t.co/r9AeYVQJ8O
0
27
130
@linkersec
Linux Kernel Security
3 days
LPE via refcount imbalance in the af_unix of Ubuntu
Article and exploit by @ky1ebot for a refcount imbalance bug in the Ubuntu kernel's Unix sockets implementation disclosed during the TyphoonPWN 2025 competition. https://t.co/8MHHHmNpyH
0
24
112
@linkersec
Linux Kernel Security
7 days
kernelCTF: CVE-2025-38477
kernelCTF entry for a race condition in the network scheduler subsystem. Most notably, shows a technique of putting controlled data into unmapped sections of vmlinux. https://t.co/cmGMHb2Irl
0
20
102
@linkersec
Linux Kernel Security
8 days
Defeating KASLR by Doing Nothing at All
Article by @__sethJenkins about a few problems with physical memory KASLR on arm64 devices. https://t.co/NXh0vkbTyF
0
8
37
@linkersec
Linux Kernel Security
20 days
The article shows an interesting scenario of how a NULL-pointer-dereference can lead to a more severe memory corruption. It also demonstrates a few techniques of shaping vmalloc memory for exploitation.
0
0
8
@linkersec
Linux Kernel Security
20 days
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers
Article by Robin Bastide about exploiting a NULL-pointer-dereference that led to a UAF access to the kernel stack in the NVIDIA GPU driver. https://t.co/AzDC0EQgVD
2
38
256
@linkersec
Linux Kernel Security
21 days
ksmbd - Exploiting CVE-2025-37947
Article by @73696e65 about locally exploiting CVE-2025-37947 — a page OOB write in the ksmbd module.
Article: https://t.co/V5LBTtOqxY
Exploit: https://t.co/knpaTnIO2j
0
65
289
@linkersec
Linux Kernel Security
1 month
Dirty Pageflags: Revisiting PTE Exploitation in Linux
Article by @ptrYudai on the exploitation technique of overwriting the R/W flag in a PTE entry to allow writing into read-only files. https://t.co/tX1r2zuUuG
0
43
266
@linkersec
Linux Kernel Security
1 month
Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days
William Liu @cor_ctf posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE https://t.co/kqvwX9NbSK
1
32
172
@linkersec
Linux Kernel Security
1 month
The anatomy of a bug: 6 Months at STAR Labs
@gerrard_tai posted an article describing their experience in finding kernel bugs and participating in the KernelCTF and Pwn2Own competitions https://t.co/gUfCLQCx1Q
1
22
125
@linkersec
Linux Kernel Security
2 months
The article also gives a summary about the exploitable bugs the author managed to find in the same subsystem.
0
0
0
@linkersec
Linux Kernel Security
2 months
A Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched Fuzzing
Article by Will's Root about fixing the soft lockup bug found when fuzzing the network scheduler subsystem with syzkaller. https://t.co/CB6ghtfaD3
1
14
77
@linkersec
Linux Kernel Security
2 months
The exploit gains control over the page tables and overwrites the kernel code to bypass SELinux and escalate privileges. https://t.co/X4kH5l0G79
0
1
0
@linkersec
Linux Kernel Security
2 months
corCTF 2025 - corphone
Article by @u1f383 about exploiting a UAF in a custom Android kernel module created for a CTF task. https://t.co/a5oTd9x5QN
1
3
23
@linkersec
Linux Kernel Security
2 months
Exploit for an integer underflow bug in the HID subsystem that allows leaking up to 64 KB of kernel memory over USB.
@andreyknvl
Andrey Konovalov
2 months
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). https://t.co/4IvvqcVs4Q
0
17
117
@linkersec
Linux Kernel Security
2 months
Covers the improvements made to the fuzzer since the previous article. These improvements allowed finding an impressive amount of 23 bugs in ksmbd. https://t.co/ZUzoH5YLYs
0
0
4
@linkersec
Linux Kernel Security
2 months
ksmbd - Fuzzing Improvements and Vulnerability Discovery
Another article by @73696e65 about fuzzing the ksmbd module with syzkaller. https://t.co/0xVehcOrYu
1
38
220
@linkersec
Linux Kernel Security
2 months
arm64: Linear mapping is mapped at the same static virtual address
Bug report by @__sethJenkins and @tehjh showing that the physmap region is mapped at a fixed virtual address on Android despite KASLR. https://t.co/Su0Q1VY4si
2
11
64
@linkersec
Linux Kernel Security
2 months
Article demonstrates kernel-hack-drill — a test environment for experimenting with Linux kernel vulnerabilities and learning new exploitation techniques ⬇️
@a13xp0p0v
Alexander Popov
2 months
My new article: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel"⚡️ I tell a bug collision story and introduce my pet project kernel-hack-drill, which helped me to exploit the hard bug that received @PwnieAwards 2025 https://t.co/0DJzCJYEfm
0
5
44