• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

xairy/linux-kernel-exploitation: A collection of links related to Linux kernel s ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

xairy/linux-kernel-exploitation

开源软件地址(OpenSource Url):

https://github.com/xairy/linux-kernel-exploitation

开源编程语言(OpenSource Language):


开源软件介绍(OpenSource Introduction):

Linux Kernel Exploitation

A collection of links related to Linux kernel security and exploitation.

Updated bimonthly. Pull requests are welcome as well.

Follow @andreyknvl on Twitter to be notified of updates.

Subscribe to @linkersec on Telegram, Twitter, or Reddit for highlights.

Contents

Books

2014: "Android Hacker's Handbook" by Joshua J. Drake [book]

2012: "A Guide to Kernel Exploitation: Attacking the Core" by Enrico Perla and Massimiliano Oldani [book] [materials]

Techniques

Exploitation

2022: "USMA: Share Kernel Code With Me" by Yong Liu, Jun Yao, and Xiaodong Wang [slides] [paper] [article]

2022: "Linux kernel heap feng shui in 2022" by Michael S and Vitaly Nikolenko [article]

2022: "LiKE: A Series on Linux Kernel Exploitation" by sam4k [article] [modprobe_path]

2022: "Racing against the clock -- hitting a tiny kernel race window" by Jann Horn [article]

2022: "Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability" [paper]

2022: "Learning Linux kernel exploitation" by 0x434b [article] [part 2]

2021: "ExpRace: Exploiting Kernel Races through Raising Interrupts" at USENIX [paper] [slides] [video]

2021: "Utilizing msg_msg Objects for Arbitrary Read and Arbitrary Write in the Linux Kernel" [article] [part2]

2021: "Linux Kernel Exploitation Technique: Overwriting modprobe_path" [article]

2021: "Learning Linux Kernel Exploitation" [article] [part 2] [part 3]

2020: "Exploiting Kernel Races Through Taming Thread Interleaving" [slides] [video]

2020: "Locating the kernel PGD on Android/aarch64" by Vitaly Nikolenko [article]

2020: "A Systematic Study of Elastic Objects in Kernel Exploitation" [paper] [video]

2020: "Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers" [slides] [paper] [video]

2020: "BlindSide: Speculative Probing: Hacking Blind in the Spectre Era" [paper]

2020: "Linux Kernel Stack Smashing" by Silvio Cesare [article]

2020: "Structures that can be used in kernel exploits" [article]

2019: "Hands Off and Putting SLAB/SLUB Feng Shui in Blackbox" by Yueqi (Lewis) Chen at Black Hat Europe [slides] [code]

2019: "SLAKE: Facilitating Slab Manipulation for Exploiting Vulnerabilities in the Linux Kernel" by Yueqi (Lewis) Chen and Xinyu Xing [slides] [paper]

2019: "Exploiting Race Conditions Using the Scheduler" by Jann Horn at Linux Security Summit EU [slides] [video]

2019: "Kepler: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities" [slides] [video] [paper]

2019: "Leak kernel pointer by exploiting uninitialized uses in Linux kernel" by Jinbum Park [slides]

2018: "FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities" [slides] [paper]

2018: "Linux Kernel universal heap spray" by Vitaly Nikolenko [article]

2018: "Linux-Kernel-Exploit Stack Smashing" [article]

2018: "Entering God Mode  -  The Kernel Space Mirroring Attack" [article]

2018: "Mirror Mirror: Rooting Android 8 with a Kernel Space Mirroring Attack" by Wang Yong at HitB [slides]

2018: "KSMA: Breaking Android kernel isolation and Rooting with ARM MMU features" by Wang Yong at BlackHat [slides]

2018: "Still Hammerable and Exploitable: on the Effectiveness of Software-only Physical Kernel Isolation" [paper]

2018: "linux kernel pwn notes" [article]

2018: "Use of timer_list structure in linux kernel exploit" [article]

2017: "Escalating Privileges in Linux using Fault Injection" by Niek Timmers and Cristofaro Mune [slides] [video] [paper]

2017: "Kernel Driver mmap Handler Exploitation" by Mateusz Fruba [paper]

2017: "Linux kernel addr_limit bug / exploitation" by Vitaly Nikolenko [video]

2017: "The Stack Clash" by Qualys Research Team [article]

2017: "New Reliable Android Kernel Root Exploitation Techniques" [slides]

2017: "Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying" [paper]

2017: "Breaking KASLR with perf" by Lizzie Dixon [article]

2017: "Linux kernel exploit cheetsheet" [article]

2016: "Getting Physical Extreme abuse of Intel based Paging Systems" by Nicolas Economou and Enrique Nissim [slides]

2016: "Linux Kernel ROP - Ropping your way to # (Part 1)" by Vitaly Nikolenko [article] [exercise]

2016: "Linux Kernel ROP - Ropping your way to # (Part 2)" by Vitaly Nikolenko [article]

2016: "Exploiting COF Vulnerabilities in the Linux kernel" by Vitaly Nikolenko at Ruxcon [slides]

2016: "Using userfaultfd" by Lizzie Dixon [article]

2016: "Direct Memory Attack the Kernel" by Ulf Frisk at DEF CON [video]

2016: "Randomization Can't Stop BPF JIT Spray" by Elena Reshetova at Black Hat [slides] [video] [paper]

2015: "Kernel Data Attack is a Realistic Security Threat" [paper]

2015: "From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel" [paper]

2015: "Modern Binary Exploitation: Linux Kernel Exploitation" by Patrick Biernat [slides] [exercise]

2013: "Hacking like in the Movies: Visualizing Page Tables for Local Exploitation" at Black Hat

2013: "Exploiting linux kernel heap corruptions" by Mohamed Channam [article]

2012: "Writing kernel exploits" by Keegan McAllister [slides]

2012: "Understanding Linux Kernel Vulnerabilities" by Richard Carback [slides]

2012: "A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator" by Dan Rosenberg [paper]

2012: "Attacking hardened Linux systems with kernel JIT spraying" by Keegan McAllister [article] [code 1] [code 2]

2012: "The Linux kernel memory allocators from an exploitation perspective" by Patroklos Argyroudis [article]

2012: "The Stack is Back" by Jon Oberheide [slides]

2012: "Stackjacking" by Jon Oberheide and Dan Rosenberg [slides]

2011: "Stackjacking Your Way to grsec/PaX Bypass" by Jon Oberheide [article]

2010: "Much ado about NULL: Exploiting a kernel NULL dereference" [article]

2010: "Exploiting Stack Overflows in the Linux Kernel" by Jon Oberheide [article]

2010: "Linux Kernel Exploitation: Earning Its Pwnie a Vuln at a Time" by Jon Oberheide at SOURCE Boston [slides]

2009: "There's a party at ring0, and you're invited" by Tavis Ormandy and Julien Tinnes at CanSecWest [slides]

2007: "Kernel-mode exploits primer" by Sylvester Keil and Clemens Kolbitsch [paper]

2007: "Attacking the Core : Kernel Exploiting Notes" [article]

2007: "The story of exploiting kmalloc() overflows" [article]

2007: "Linux 2.6 Kernel Exploits" by Stephane Duverger [slides]

2005: "Large memory management vulnerabilities" by Gael Delalleau at CancSecWest [slides]

2005: "The story of exploiting kmalloc() overflows" [article]

Protection Bypasses

2022: "Tetragone: A Lesson in Security Fundamentals" by Pawel Wieczorkiewicz and Brad Spengler [article]

2021: "A General Approach to Bypassing Many Kernel Protections and its Mitigation" by Yueqi Chen [slides] [video]

2021: "Attacking Samsung RKP" by Alexandre Adamski [article]

2020: "Things not to do when using an IOMMU" by Ilja van Sprundel and Joseph Tartaro [video]

2020: "SELinux RKP misconfiguration on Samsung S20 devices" by Vitaly Nikolenko [article]

2020: "TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs" [paper]

2020: "Weaknesses in Linux Kernel Heap Hardening" by Silvio Cesare [article]

2020: "An Analysis of Linux Kernel Heap Hardening" by Silvio Cesare [article]

2020: "PAN: Another day, another broken mitigation" by Siguza [article]

2019: "KNOX Kernel Mitigation Bypasses" by Dong-Hoon You at PoC [slides]

2017: "Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection" by Gal Beniamini [article]

2016: "Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric" [article]

2016: "Practical SMEP bypass techniques on Linux" by Vitaly Nikolenko at KIWICON [slides]

2016: "Micro architecture attacks on KASLR" by Anders Fogh" [article]

2016: "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR" by Dmitry Evtyushkin, Dmitry Ponomarev and Nael Abu-Ghazaleh [slides]

2016: "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" by Daniel Gruss, Clementine Maurice, Anders Fogh, Moritz Lipp and Stefan Mangard at CCS [video]

2016: "Using Undocumented CPU Behavior to See Into Kernel Mode and Break KASLR in the Process" at Black Hat [video]

2016: "Breaking KASLR with Intel TSX" Yeongjin Jang, Sangho Lee and Taesoo Kim at Black Hat [slides] [video]

2016: "Breaking KASLR with micro architecture" by Anders Fogh [article]

2015: "Effectively bypassing kptr_restrict on Android" by Gal Beniamini [article]

2014: "ret2dir: Deconstructing Kernel Isolation" by Vasileios P. Kemerlis, Michalis Polychronakis and Angelos D. Keromytis at Black Hat Europe [paper] [video]

2013: "A Linux Memory Trick" by Dan Rosenberg [article]

2011: "SMEP: What is It, and How to Beat It on Linux" by Dan Rosenberg [article]

2009: "Bypassing Linux' NULL pointer dereference exploit prevention (mmap_min_addr)" [article]

Vulnerabilities

Project Zero bug reports

Linux Kernel CVEs

Assorted advisories by Gyorgy Miru and kutyacica

Info-leaks

2022: "Yet another bug into Netfilter" by Arthur Mongodin [article] [CVE-2022-1972]

2022: "The AMD Branch (Mis)predictor: Just Set it and Forget it!" by Pawel Wieczorkiewicz [article] [Spectre]

2022: "The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)" by Pawel Wieczorkiewicz [article] [Spectre]

2021: "Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak" [article] [CVE-TBD]

2021: "Linux Kernel /proc/pid/syscall information disclosure vulnerability" [article] [CVE-2020-28588]

2021: "Spectre exploits in the "wild"" [article]

2021: "VDSO As A Potential KASLR Oracle" by Philip Pettersson and Alex Radocea [article]

2020: "PLATYPUS: Software-based Power Side-Channel Attacks on x86" [paper]

2019: "CVE-2018-3639 / CVE-2019-7308 - Analysis of Spectre Attacking Linux Kernel ebpf" [article] [CVE-2018-3639, CVE-2019-7308]

2019: "From IP ID to Device ID and KASLR Bypass (Extended Version)" [paper]

2018: "Kernel Memory disclosure & CANVAS Part 1 - Spectre: tips & tricks" [article] [Spectre]

2018: "Kernel Memory disclosure & CANVAS Part 2 - CVE-2017-18344 analysis & exploitation notes" [article] [CVE-2017-18344]

2018: "CVE-2017-18344: Exploiting an arbitrary-read vulnerability in the Linux kernel timer subsystem" by Andrey Konovalov [article] [CVE-2017-18344]

2017: "Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer" by Alexander Potapenko [announcement] [CVE-2017-1000380]

2017: "The Infoleak that (Mostly) Wasn't" by Brad Spengler [article] [CVE-2017-7616]

2016: "Exploiting a Linux Kernel Infoleak to bypass Linux kASLR" [article]

2010: "Linux Kernel pktcdvd Memory Disclosure" by Jon Oberheide [article] [CVE-2010-3437]

2009: "Linux Kernel x86-64 Register Leak" by Jon Oberheide [article] [CVE-2009-2910]

2009: "Linux Kernel getname() Stack Memory Disclosures" by Jon Oberheide [article] [CVE-2009-3001]

LPE

2022: "The Android kernel mitigations obstacle race" by Man Yue Mo [article] [CVE-2022-22057]

2022: "io_uring - new code, new bugs, and a new exploit technique" by Lam Jun Rong [article] [CVE-2021-41073]

2022: "Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)" by lolcads [article] [CVE-2022-0847]

2022: "DirtyPipe-Android/TECHNICAL-DETAILS.md" by polygraphene [article] [CVE-2022-0847]

2022: "Weaponizing dirtypipe on android" by Giovanni Rocca [slides] [exploit] [CVE-2022-0847]

2022: "How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables" by David Bouman [CVE-2022-1015] [CVE-2022-1016]

2022: "The Discovery and Exploitation of CVE-2022-25636" by Nick Gregory [article] [CVE-2022-25636]

2022: "CVE-2022-27666: Exploit esp6 modules in Linux kernel" by ETenal [article] [CVE-2022-27666]

2022: "Put an io_uring on it: Exploiting the Linux Kernel" by Valentina Palmiotti [article] [CVE-2021-41073]

2022: "The Dirty Pipe Vulnerability" by Max Kellermann [article] [CVE-2022-0847]

2022: "CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers" [article] [CVE-2022-0185]

2022: "CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup" by Alejandro Guerrero [article] [CVE-2022-0185]

2022: "CVE-2022-0185: A Case Study" [article] [CVE-2022-0185]

2022: "Linux kernel Use-After-Free (CVE-2021-23134) PoC" [article] [CVE-2021-23134]

2022: "Exploiting CVE-2021-26708 (Linux kernel) with ssh" [article] [CVE-2021-26708]

2022: "exploiting CVE-2019-2215" by cutesmilee [article] [CVE-2019-2215]

2021: "Your Trash Kernel Bug, My Precious 0-day" by Zhenpeng Lin [slides] [CVE-2021-3715]

2021: "[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver" [article] [CVE-2021-42008]

2021: "PWN2OWN Local Escalation of Privilege Category, Ubuntu Desktop Exploit" [article] [CVE-TBD]

2021: "Reversing and Exploiting Samsung's NPU" by Maxime Peterlin [article] [part 2] slides

2021: "Fall of the machines: Exploiting the Qualcomm NPU (neural processing unit) kernel driver" by Man Yue Mo [article] [CVE-2021-1940, CVE-2021-1968, CVE-2021-1969]

2021: "Exploiting CVE-2021-43267" by Blasty [article] [CVE-2021-43267]

2021: "How a simple Linux kernel memory corruption bug can lead to complete system compromise" by Jann Horn [article] [CVE-TBD]

2021: "SuDump: Exploiting suid binaries through the kernel" by Itai Greenhut [article] [CVE-TBD]

2021: "CVE-2021-34866 Writeup" by HexRabbit [article] [CVE-2021-34866]

2021: "Kernel Pwning with eBPF: a Love Story" by Valentina Palmiotti [article] [CVE-2021-3490]

2021: "The Art of Exploiting UAF by Ret2bpf in Android Kernel" by Xingyu Jin and Richard Neal [article] [slides] [video] [CVE-2021-0399]

2021: "Internal of the Android kernel backdoor vulnerability" [article] [CVE-2021-28663]

2021: "Escape from chrome sandbox to root" [article] [CVE-2020-0423]

2021: "CVE-2017-11176" by Maher Azzouzi [article] [CVE-2017-11176]

2021: "Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)" by Qualys Research Team [article] [CVE-2021-33909]

2021: "CVE-2021-22555: Turning \x00\x00 into 10000$" by Andy Nguyen [CVE-2021-22555, article]

2021: "Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)" by Vincent Dehors [article] [CVE-2021-3492]

2021: "CVE-2021-20226 a reference counting bug which leads to local privilege escalation in io_uring" [article] [CVE-2021–20226]

2021: "CVE-2021-32606: CAN ISOTP local privilege escalation" [article] [CVE-2021-32606]

2021: "CVE-2021-3609: CAN BCM local privilege escalation" [article] [announcement] [CVE-2021-3609]

2021: "Blue Klotski (CVE-2021-3573) and the story for fixing" by f0rm2l1n [article] [announcement] [CVE-2021-3573]

2021: "ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier" by Lucas Leong [article]

2021: "ZDI-20-1440 Writeup" by HexRabbit [article]

2021: "SSD Advisory – OverlayFS PE" [article] [CVE-2021-3493]

2021: "[BugTales] A Nerve-Racking Bug Collision in Samsung's NPU Driver" by Gyorgy Miru [article] [CVE-2020-28343, SVE-2020-18610]

2021: "CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem" by Lucas Leong [article] [CVE-2021-20226]

2021: "One day short of a full chain: Part 1 - Android Kernel arbitrary code execution" by Man Yue Mo [article] [GHSL-2020-375]

2021: "New Old Bugs in the Linux Kernel" [article] [CVE-2021-27365, CVE-2021-27363, CVE-2021-27364]

2021: "Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel" [article] [slides] [video] [CVE-2021-26708]

2021: "Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG" by Alexander Popov [article] [slides] [video]

2021: "Gaining root access in Linux using the CVE-2021-26708 vulnerability" by Markel Azpeitia Loiti [paper]

2021: "CVE-2014-3153" by Maher Azzouzi [article] [CVE-2014-3153]

2021: "The curious case of CVE-2020-14381" [article] [CVE-2020-14381]

2021: "Galaxy's Meltdown - Exploiting SVE-2020-18610" [article] [CVE-2020-28343, SVE-2020-18610]

2021: "In-the-Wild Series: Android Exploits" by Mark Brand [article]

2021: "Exploiting CVE-2014-3153 (Towelroot)" by Elon Gliksberg [article] [CVE-2014-3153]

2021: "CVE-2014-3153" by Maher Azzouzi [article] [CVE-2014-3153]

2020: "An iOS hacker tries Android" by Brandon Azad [article] [CVE-2020-28343, SVE-2020-18610]

2020: "Exploiting a Single Instruction Race Condition in Binder" [article] [CVE-2020-0423]

2020: "Three Dark clouds over the Android kernel" by Jun Yao [slides] [CVE-2020-3680]

2020: "Kernel Exploitation With A File System Fuzzer" [slides] [video] [CVE-2019-19377]

2020: "Finding and exploiting a bug (LPE) in an old Android phone" by Brandon Falk [stream] [part 2] [summary]

2020: "CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel" by Or Cohen [article] [CVE-2020-14386]

2020: "Attacking the Qualcomm Adreno GPU" by Ben Hawkes [article] [CVE-2020-11179]

2020: "TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices" by Guang Gong at Black Hat [slides] [paper] [CVE-2019-10567]

2020: "Binder - Analysis and exploitation of CVE-2020-0041" by Jean-Baptiste Cayrou [article] [CVE-2020-0041]

2020: "Binder IPC and its vulnerabilities" by Jean-Baptiste Cayrou at THCON [slides] [CVE-2019-2215, CVE-2019-2025, CVE-2019-2181, CVE-2019-2214, CVE-2020-0041]

2020: "Exploiting CVE-2020-0041 - Part 2: Escalating to root" by Eloi Sanfelix and Jordan Gruskovnjak [article] [CVE-2020-0041]

2020: "A bug collision tale" by Eloi Sanfelix at OffensiveCon [slides] [video] [CVE-2019-2025]

2020: "CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification" by Manfred Paul [article] [CVE-2020-8835]

2020: "Mitigations are attack surface, too" by Jann Horn [article]

2020: "CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem" by Alexander Popov [article] [slides] [CVE-2019-18683]

2020: "Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices" by Tamir Zahavi-Brunner [article] [CVE-2019-14040, CVE-2019-14041]

2019: "CVE-2017-16995 Analysis - eBPF Sign Extension LPE" by senyuuri [article] [CVE-2017-16995]

2019: "Kernel Research / mmap handler exploitation" by deshal3v[article] [CVE-2019-18675]

2019: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone [article] [CVE-2019-2215]

2019: "Analyzing Android's CVE-2019-2215 (/dev/binder UAF)" [article] [CVE-2019-2215]

2019: "Stream Cut: Android Kernel Exploitation with Binder Use-After-Free (CVE-2019-2215)" [video] [CVE-2019-2215]

2019: "CVE-2019-2215 - Android kernel binder vulnerability analysis" [article] [CVE-2019-2215]

2019: "Deep Analysis of Exploitable Linux Kernel Vulnerabilities" by Tong Lin and Luhai Chen at Linux Security Summit EU [video] [CVE-2017-16995, CVE-2017-10661]

2019: "Tailoring CVE-2019-2215 to Achieve Root" by Grant Hernandez [article] [CVE-2019-2215]

2019: "From Zero to Root: Building Universal Android Rooting with a Type Confusion Vulnerability" by Wang Yong [slides] [CVE-2018-9568, WrongZone]

2019: "KARMA takes a look at offense and defense: WrongZone from exploitation to repair" [article] [CVE-2018-9568, WrongZone]

2019: "Android Binder: The Bridge To Root" by Hongli Han and Mingjian Zhou [slides] [CVE-2019-2025]

2019: "The ‘Waterdrop’ in Android: A Binder Kernel Vulnerability" by Hongli Han [article] [CVE-2019-2025]

2019: "An Exercise in Practical Container Escapology" by Nick Freeman [article] [CVE-2017-1000112]

2019: "Taking a page from the kernel's book: A TLB issue in mremap()" by Jann Horn [article] [CVE-2018-18281]

2019: "CVE-2018-18281 - Analysis of TLB Vulnerabilities in Linux Kernel" [article]

2019: "Analysis of Linux xfrm Module Cross-Border Read-Write Escalation Vulnerability (CVE-2017-7184)" [article] [CVE-2017-7184]

2019: "Analysis of Escalation Vulnerability Caused by Integer Extension of Linux ebpf Module (CVE-2017-16995)" [article] [CVE-2017-16995]

2019: "Linux kernel 4.20 BPF integer overflow vulnerability analysis" [article]

2019: "Attacking DRM subsystem to gain kernel privilege on Chromebooks" by Di Shen [slides] [video] [CVE-2019-16508]

2018: "Linux kernel 4.20 BPF integer overflow-heap overflow vulnerability and its exploitation" [article]

2018: "CVE-2017-11176: A step-by-step Linux Kernel exploitation [article] [CVE-2017-11176]

2018: "A cache invalidation bug in Linux memory management" by Jann Horn [article] [CVE-2018-17182]

2018: "Dissecting a 17-year-old kernel bug" by Vitaly Nikolenko at beVX [slides] [CVE-2018-6554, CVE-2018-6555]

2018: "SSD Advisory – IRDA Linux Driver UAF" [article] [CVE-2018-6554, CVE-2018-6555]

2018: "Integer overflow in Linux's create_elf_tables()" [announcement] [CVE-2018-14634]

2018: "MMap Vulnerabilities – Linux Kernel" [article] [CVE-2018-8781]

2018: "Ubuntu kernel eBPF 0day analysis" [article] [CVE-2017-16995]

2018: "eBPF and Analysis of the get-rekt-linux-hardened.c Exploit for CVE-2017-16995" [article] [CVE-2017-16695]

2017: "CVE-2017-1000112: Exploiting an out-of-bounds bug in the Linux kernel UFO packets" by Andrey Konovalov [article] [CVE-2017-1000112]

2017: "Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112" by Krishs Patil [article] [CVE-2017-1000112]

2017: "Adapting the POC for CVE-2017-1000112 to Other Kernels" [article] [CVE-2017-1000112]

2017: "The Art of Exploiting Unconventional Use-after-free Bugs in Android Kernel" by Di Shen [slides] [CVE-2017-0403, CVE-2016-6787] [video]

2017: "Exploiting CVE-2017-5123 with full protections. SMEP, SMAP, and the Chrome Sandbox!" by Chris Salls [article] [CVE-2017-5123]

2017: "Exploiting CVE-2017-5123" by Federico Bento [article] [CVE-2017-5123]

2017: "Escaping Docker container using waitid() – CVE-2017-5123" by Daniel Shapira [article] [CVE-2017-5123]

2017: "LKE v4.13.x - waitid() LPE" by HyeongChan Kim [article] [CVE-2017-5123]

2017: "Exploiting on CVE-2016-6787" [article] [CVE-2016-6787]

2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov [video] [CVE-2017-2636]

2017: "Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit" by Alexander Popov [slides] [CVE-2017-2636]

2017: "CVE-2017-2636: exploit the race condition in the n_hdlc Linux kernel driver bypassing SMEP" by Alexander Popov [article] [CVE-2017-2636]

2017: "CVE-2017-2636: local privilege escalation flaw in n_hdlc" by Alexander Popov [announcement] [CVE-2017-2636]

2017: "Dirty COW and why lying is bad even if you are the Linux kernel" [article] [CVE-2016-5195]

2017: "NDAY-2017-0103: Arbitrary kernel write in sys_oabi_epoll_wait" by Zuk Avraham [article] [CVE-2016-3857]

2017: "NDAY-2017-0106: Elevation of Privilege in NVIDIA nvhost-vic driver" by Zuk Avraham [article] [CVE-2016-2434]

2017: "PWN2OWN 2017 Linux kernel privilege escalation analysis" [article] [CVE-2017-7184]

2017: "Exploiting the Linux kernel via packet sockets" by Andrey Konovalov [article] [CVE-2017-7308]

2017: "NDAY-2017-0105: Elevation of Privilege Vulnerability in MSM Thermal Drive" by Zuk Avraham [article] [CVE-2016-2411]

2017: "NDAY-2017-0102: Elevation of Privilege Vulnerability in NVIDIA Video Driver" by Zuk Avraham [article] [CVE-2016-2435]

2017: "CVE-2017-6074: Exploiting a double-free in the Linux kernel DCCP sockets" by Andrey Konovalov [article] [CVE-2017-6074]

2016: "CVE-2016-8655 Linux af_packet.c race condition (local root)" by Philip Pettersson [announcement] [CVE-2016-8655]

2016: "Rooting Every Android From Extension To Exploitation" by Di Shen and James Fang at Black Hat [slides] [article] [CVE-2015-0570, CVE-2016-0820, CVE-2016-2475, CVE-2016-8453]

2016: "Talk is Cheap, Show Me the Code" by James Fang, Di Shen and Wen Niu [slides] [CVE-2015-1805]

2016: "CVE-2016-3873: Arbitrary Kernel Write in Nexus 9" by Sagi Kedmi [article] [CVE-2016-3873]

2016: "Exploiting Recursion in the Linux Kernel" by Jann Horn [article] [CVE-2016-1583]

2016: "ANALYSIS AND EXPLOITATION OF A LINUX KERNEL VULNERABILITY (CVE-2016-0728)" By Perception Point Research Team [article] [CVE-2016-0728]

2016: "CVE20160728 Exploit Code Explained" by Shilong Zhao [article] [CVE-2016-0728]

2016: "CVE-2016-0728 vs Android" by Collin Mulliner [article] [CVE-2016-0728]

2016: "Notes about CVE-2016-7117" by Lizzie Dixon [article] [CVE-2016-7117]

2016: "CVE-2016-2384: exploiting a double-free in the usb-midi linux kernel driver" by Andrey Konovalov [article] [CVE-2016-2384]

2016: "CVE-2016-6187: Exploiting Linux kernel heap off-by-one" by Vitaly Nikolenko [article] [CVE-2016-6187]

该文章已有0人参与评论

请发表评论

全部评论

上一篇:
mzet-/linux-exploit-suggester: Linux privilege escalation auditing tool发布时间:2022-08-15
下一篇:
coregear/linux: 运维笔记发布时间:2022-08-15
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap