/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

www.willsroot.io
| | syst3mfailure.io
2.7 parsecs away

Travel
| | CVE-2025-38001 is a Use-After-Free vulnerability in the Linux network packet scheduler, specifically in the HFSC queuing discipline. When the HFSC qdisc is utilized with NETEM and NETEM packet duplication is enabled, using HFSC_RSC it is possible to cause a double class insertion in the HFSC eligible tree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue() due to an RBTree cycle. However, by adding TBF as root qdisc, it is possible to prevent packets from being dequeued, bypass the infinite loop, free the class, and trigger a Use-After-Free.
| | www.hackthebox.com
1.5 parsecs away

Travel
| | FizzBuzz101 shares his clever exploits for this year's Uni CTF Stream Driver Hard Pwnable
| | docfate111.github.io
3.3 parsecs away

Travel
| | [AI summary] A detailed explanation of a Linux kernel vulnerability (CVE-2021-42327) in the GPU driver, involving a SLUB buffer overflow that allows privilege escalation and arbitrary code execution through exploitation techniques like heap spraying and KASLR bypass.
| | blog.impalabs.com
23.4 parsecs away

Travel
| After an in-depth analysis of the NPU OS and its interaction with the Android kernel, this second part gives a more offensive outlook on this component. We will go through the main attack vectors to target it and detail two vulnerabilities that can be chained together to get code execution in the NPU from the NPU driver before pivoting back into the kernel.