Linux Kernel Security

Links related to Linux kernel security and exploitation | Chat @linkersec_chat | @xairy @a13xp0p0v

4 504 subscribers

Channel posts

Bad Epoll: The bug missed by Mythos
Article by Jaeyoung Chung about exploiting CVE-2026-46242 — a race condition bug in the eventpoll subsystem. Jaeyoung exploited this bug to claim a kernelCTF entry, but the vulnerability also affects Android kernels.

Unprivileged root via a use-after-free in DRM GEM change_handle (CVE-2026-46215)
Stan Shaw published an article about exploiting UAF in a DRM GEM ioctl. The researcher reallocated freed memory as a pipe_buffer array to set PIPE_BUF_FLAG_CAN_MERGE and perform the Dirty Pipe attack.

Off By !: Exploiting a Use-after-Free in the Linux Kernel
Oliver Sieber published a write-up about CVE-2026-23111 in nftables, which they found in early 2025 and other researchers patched upstream in February 2026. The article describes exploiting this UAF on Debian and Ubuntu.

CIFSwitch: a non-universal Linux local root vulnerability
Asim Viladi Oglu Manizada posted an article about a nice logic bug in the interaction between the kernel CIFS subsystem and the userspace cifs-utils package. An attacker can forge a "cifs.spnego" key in the Linux keyring to make the kernel run a root userspace helper to escalate privileges of the attacker's process.

Unix GC Remastered
Article by Moe Acherir about the internals of the new Unix sockets garbage collector implementation and the analysis of CVE-2025-40214, which was used in a kernelCTF entry.

PinTheft Linux LPE
Aaron Esau published an LPE exploit for a page double-free bug in the RDS zerocopy implementation, which can be turned into a page-cache overwrite through io_uring.

Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Article about a logical bug in the ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios.

StepStone: LLM-Based GPU Kernel Driver Fuzzing via User-Space Libraries
Paper by Xiaochen Zou et al. about using LLMs for generating syzkaller descriptions for fuzzing GPU drivers via their userspace libraries' APIs.

Privilege Escalation via a Page Use-After-Free in Qualcomm's AI Accelerator Linux Kernel Driver
Article by Lukas Maar about exploiting a bug in the mmap handler of the QAIC driver that causes a page UAF.

Discovery & Validation in the Linux Kernel
Three-part article by Samuel Page about analyzing two vulnerabilities (in CAN sockets and FUSE) and attempting to use local LLMs to rediscover the bugs.

Recent Page Cache Corruption Bugs
Multitude of vulnerabilities that allow overwriting the page cache and thus changing the in-memory contents of read-only files to gain LPE or escape a container in certain scenarios. All stem from kernel code paths that perform in-place overwrites of user-supplied input pages without verifying that the pages are writable.

Copy Fail (CVE-2026-31431):
— Announcement;
— Better write-up.

Dirty Frag (CVE-2026-43284 and CVE-2026-43500):
— Covers two independent vulnerabilities that do not require chaining;
— CVE-2026-43284 is alternatively titled Copy Fail 2;
— Original write-up;
— Avoiding bruteforcing for CVE-2026-43500.

Fragnesia (CVE-2026-46300):
— Original report;
— Variant.

DirtyCBC / DirtyDecrypt (CVE-2026-31635?):
— Write-up;
— Another exploit.

Some notes on the security properties of the pipe_buffer kernel object
a13xp0p0v (me) posted an article about a few experiments with the pipe_buffer kernel object within his kernel-hack-drill project. Alexander described multiple pipe_buffer features relevant for kernel exploits that rely on this object.

Out-of-Cancel: A Vulnerability Class Rooted in Workqueue Cancellation APIs
V4bel published an article describing a complicated exploit of a race condition caused by a misuse of the cancel_work_sync() kernel API in the network subsystem.

Walkthrough of an N-day Android GPU driver vulnerability
Talk by Angus about analyzing CVE-2022-22706 — a logical bug in the Mali GPU driver that allows getting write access to read-only memory.

From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks
Article by Lukas Maar about evaluating the KernelSnitch timing side-channel attack on a variety of systems, including Android. The attack allows leaking addresses of exploitation-relevant kernel allocations. Lukas also published the source code for executing the attack.

Assessing Claude Mythos Preview’s cybersecurity capabilities
Article by Nicholas Carlini et al. about the security research capabilities of Anthropic's new LLM called Claude Mythos Preview. The LLM was used to discover multiple 0-days in the Linux kernel and also write privilege escalation exploits for a few previously known vulnerabilities; the article provides a detailed write-up for two such exploits.

slab: support for compiler-assisted type-based slab cache partitioning
Marco Elver posted a kernel patch that provides an alternative mode to RANDOM_KMALLOC_CACHES called TYPED_KMALLOC_CACHES. The new mode leverages a Clang 22 feature called "allocation tokens". Unlike RANDOM_KMALLOC_CACHES, this mode deterministically assigns caches to allocations based on their types, and not allocation sites.

CrackArmor: Multiple vulnerabilities in AppArmor
Article about a variety of vulnerabilities found in the AppArmor LSM implementation, including a few kernel memory corruptions. Authors exploited them to achieve LPE on Ubuntu and Debian.