You are here: www.willsroot.io

klecko.github.io
Last month Blue Frost Security published two exploitation challenges for Ekoparty 2022. One of them was a Linux kernel challenge. I don't have much experience with Linux kernel exploitation, so this was a good opportunity to practise. I also write this up as a reference for my future self.

allelesecurity.com
In 2024, our research team noticed and wrote proofs of concept for a use-after-free vulnerability affecting the latest Red Hat Enterprise Linux 9 (RHEL 9). At the time, kernel version 5.14.0-503.15.1.el9_5. The vulnerability had been fixed on the Linux kernel upstream on July 17, 2023 [1][2]. After we reported it, it was backported to Red...

a13xp0p0v.tech
CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP.

mutur4.github.io
In the Linux Kernel 'ring (0)' a stack is also allocated for local variables defined in functions. These functions are mainly implemented for device drivers that are defined in different Loadable Kernel Modules (LKMs). The same stack is also vulnerable to stack overflow attacks that aim at overwriting the return address saved on the stack - this post will cover exploiting these vulnerabilities.