|
You are here |
www.willsroot.io | ||
| | | | |
syst3mfailure.io
|
|
| | | | | CVE-2025-38001 is a Use-After-Free vulnerability in the Linux network packet scheduler, specifically in the HFSC queuing discipline. When the HFSC qdisc is utilized with NETEM and NETEM packet duplication is enabled, using HFSC_RSC it is possible to cause a double class insertion in the HFSC eligible tree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue() due to an RBTree cycle. However, by adding TBF as root qdisc, it is possible to prevent packets from being dequeued, bypass the infinite loop, free the class, and trigger a Use-After-Free. | |
| | | | |
www.hackthebox.com
|
|
| | | | | FizzBuzz101 shares his clever exploits for this year's Uni CTF Stream Driver Hard Pwnable | |
| | | | |
docfate111.github.io
|
|
| | | | | [AI summary] A detailed explanation of a Linux kernel vulnerability (CVE-2021-42327) in the GPU driver, involving a SLUB buffer overflow that allows privilege escalation and arbitrary code execution through exploitation techniques like heap spraying and KASLR bypass. | |
| | | | |
blog.impalabs.com
|
|
| | | After an in-depth analysis of the NPU OS and its interaction with the Android kernel, this second part gives a more offensive outlook on this component. We will go through the main attack vectors to target it and detail two vulnerabilities that can be chained together to get code execution in the NPU from the NPU driver before pivoting back into the kernel. | ||