Linux Kernel Security Profile
Linux Kernel Security

@linkersec

Followers: 9K · Following: 0 · Media: 87 · Statuses: 351

Links related to Linux kernel security and exploitation. Maintained by @andreyknvl and @a13xp0p0v. Also on https://t.co/GVE11dpBb8 and https://t.co/YpxPWXnA6Z.

Joined September 2021
@linkersec
Linux Kernel Security
9 days
The article contains many interesting notes and takeaways on writing kernel exploits that work from within the Chrome renderer sandbox.
@linkersec
Linux Kernel Security
9 days
From Chrome renderer code exec to kernel with MSG_OOB. Jann Horn @tehjh posted an article about exploiting CVE-2025-38236, a UAF in the UNIX domain sockets.
@linkersec
Linux Kernel Security
23 days
Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k. Article by @cor_ctf about exploiting a UAF in the network packet scheduler. Researchers manipulated red-black trees to achieve a page-level UAF and escalate privileges.
syst3mfailure.io
CVE-2025-38001 is a Use-After-Free vulnerability in the Linux network packet scheduler, specifically in the HFSC queuing discipline. When the HFSC qdisc is utilized with NETEM and NETEM packet...
@linkersec
Linux Kernel Security
25 days
Setting up a kernel exploit debugging environment on Pixel 8 ⬇️.
@andreyknvl
Andrey Konovalov
1 month
Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.
@linkersec
Linux Kernel Security
2 months
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit. Article by @seadragnol about finding an unfixed netfilter use-after-free bug reported by syzbot. The researcher exploited it to pwn the kernelCTF COS instance.
@linkersec
Linux Kernel Security
2 months
Slava started with a simple fuzzer implementation and then improved it step-by-step by adding coverage collection, proper seed generation, mutations, etc. The source code of the fuzzer is public.
github.com
Minimal Linux kernel fuzzer demo targeting HFS+. Contribute to sl4v/hfsplus-kernel-fuzzing-demo development by creating an account on GitHub.
@linkersec
Linux Kernel Security
2 months
Fuzzing Linux Kernel Modules, with Slava Moskvin. Stream by @slava_moskvin_ hosted by @Steph3nSims about building a custom fuzzer to rediscover CVE-2025-0927 in the HFS+ filesystem implementation.
@linkersec
Linux Kernel Security
2 months
Linux Kernel Hardening: Ten Years Deep. Talk by @kees_cook about the relevance of various Linux kernel vulnerability classes and the mitigations that address them. Video: Slides:
@linkersec
Linux Kernel Security
2 months
@vxradius Video:
@linkersec
Linux Kernel Security
2 months
Bypass Kernel Barriers: Fuzzing Linux Kernel in Userspace With LKL. Xuan Xing & Eugene Rodionov @vxradius gave a talk about fuzzing the Linux kernel interfaces completely in user space using LKL (Linux Kernel Library).
@linkersec
Linux Kernel Security
2 months
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction. Article by @u1f383 about the internals of Ubuntu's implementation of restricting unprivileged user namespaces and figuring out another bypass method.
@linkersec
Linux Kernel Security
3 months
The researchers leaked the kernel base address using the EntryBleed side-channel attack and then turned the UAF on the vsock_sock structure into a RIP control primitive to execute a ROP-chain.
@linkersec
Linux Kernel Security
3 months
Exploiting the CVE-2025-21756 1-day vulnerability. @v4bel and @_qwerty_po posted a kernelCTF report about exploiting a UAF in the vsock subsystem of the Linux kernel.
@linkersec
Linux Kernel Security
3 months
Solo: A Pixel 6 Pro Story (When one bug is all you need). Awesome article by Lin Ze Wei about adapting the Pixel 7/8 exploit for a bug in the Mali GPU driver to Pixel 6 Pro.
@linkersec
Linux Kernel Security
3 months
The author published an exploit for this bug that disables SELinux and gains root privileges on Pixel 8 running from the untrusted_app context. The exploit is not affected by MTE.
@linkersec
Linux Kernel Security
3 months
Bypassing MTE with CVE-2025-0072. Article by @mmolgtm about exploiting a page use-after-free vulnerability in ARM's Mali GPU driver in the code that manages userspace-mapped pages.
@linkersec
Linux Kernel Security
3 months
The researcher had to rerun the prompt multiple times before getting a true-positive result. The o3 model managed to find the 0-day vulnerability in only ~1 out of 50 runs.
@linkersec
Linux Kernel Security
3 months
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel's SMB implementation. Article by @seanhn about rediscovering a bug in the ksmbd module via OpenAI's o3 model and then finding a 0-day vulnerability as well.
@linkersec
Linux Kernel Security
3 months
Based on a previously published article.
@linkersec
Linux Kernel Security
3 months
Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit. Talk by @__sethjenkins about analyzing the traces of an In-The-Wild exploit that targeted the Qualcomm adsprpc driver.