🐛New post: Exploiting CVE-2024-1065 via the Page Cache!
A strategy for physical-page UAFs in MIGRATE_MOVABLE, where Dirty Pagetable and Dirty Cred don't apply.
Demonstrated on the Mali GPU UAF found by Project Zero.
https://t.co/2QmH3TFFtt
#ExploitDevelopment #KernelSecurity
NVIDIA’s probably pretty Pwn2Own-friendly. You never have to stress about your bugs getting patched before the contest. 🤣 We @llfamsec sent them a few vulnerabilities last month. Three separate full-chain container escapes in the NV Container Toolkit — still haven’t been patched.
Qualys Threat Research Unit (TRU) discovered CrackArmor: 9 AppArmor flaws impacting 12M+ Linux systems since 2017. These enable root access & container breakouts.
Patch your kernels now! Details: https://t.co/frznetHzYJ
#Linux #Cybersecurity #CrackArmor
@_qwerty_po and I exploited a VSock 1-day in Google kernelCTF back in *February*, securing $71,337 🥳 (CVE-2025-21756, exp237/exp249)
And I’ve just published the write-up: https://t.co/PLX5PnshLH
A kernel developer reviewing a patch for a separate VSock bug I submitted accidentally discovered this vulnerability, and we were the first to exploit it.
PoC 💻: root on Ubuntu 24.04
this is so insane. kCTF has a first-come-first-serve policy when it comes to 0day bounties when an instance releases. this team hand crafted a proof of work solver with avx-512 instructions to beat everyone else with an 0day to the flag: https://t.co/98hBSAFLum
Today, Lei Lu and Xin Guo, independent researchers, gave a presentation on several commonly overlooked vulnerable iteration patterns in file system images. Thanks for the talk — waiting for the next time!
I wrote up how I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation. Link to the blog post below 👇
Linux Kernel Exploitation series
Awesome series of articles by @ri5255 that outlines many commonly-used modern exploitation techniques.
https://t.co/b9ydNug2Ja