This repository collects material related to Linux kernel exploitation
- Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel
- Overwriting modprobe_path
- Learning Linux Kernel Exploitation
- Exploiting Kernel Races Through Taming Thread Interleaving
- Exploiting Kernel Races through Taming Thread Interleaving - Video
- Locating the kernel PGD on Android/aarch64
- A Systematic Study of Elastic Objects in Kernel Exploitation
- Bypassing Many Kernel Protections Using Elastic Objects
- Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers - PPT
- Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers - PDF
- Exploiting Uses of Uninitialized Stack Variables in Linux Kernels to Leak Kernel Pointers - Video
- Linux Kernel Stack Smashing
- A collection of structures usable in kernel exploits
- Hands Off and Putting SLAB/SLUB Feng Shui in Blackbox
- Linux kernel pwn notes
- CATTmew: Defeating Software-only Physical Kernel Isolation
- Mirror Mirror: Rooting Android 8 with a Kernel Space Mirroring Attack
- Entering God Mode — The Kernel Space Mirroring Attack
- Linux-Kernel-Exploit Stack Smashing
- FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities
- Leak kernel pointer by exploiting uninitialized uses in Linux kernel
- Kepler: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities
- USENIX Security '19 - KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux
- Exploiting Race Conditions Using the Scheduler - Jann Horn, Google
- DEF CON 24 - Ulf Frisk - Direct Memory Attack the Kernel
- Using userfaultfd
- Breaking KASLR with perf
- Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
- New Reliable Android Kernel Root Exploitation Techniques
- Linux kernel addr_limit bug / exploitation
- Kernel Driver mmap Handler Exploitation
- Escalating Privileges in Linux using Voltage Fault Injection
- Using the timer_list struct in Linux kernel vulnerability exploitation
- Stackjacking Your Way to grsec/PaX Bypass
- Stackjacking
- The stack is back
- The Linux kernel memory allocators from an exploitation perspective
- Attacking hardened Linux systems with kernel JIT spraying
- Exploiting Linux Kernel Heap Corruptions (SLUB Allocator)
- Black Hat USA 2013 - Hacking like in the Movies: Visualizing Page Tables for Local Exploitation
- From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel
- Kernel Data Attack is a Realistic Security Threat
- Randomization can’t stop BPF JIT spray
- The story of exploiting kmalloc() overflow
- Linux 2.6 Kernel Exploits
- The story of exploiting kmalloc() overflows v.0.2.1
- Attacking the Core : Kernel Exploiting Notes
- Exploiting Stack Overflows in the Linux Kernel
- An Analysis of Linux Kernel Heap Hardening
- Weaknesses in Linux Kernel Heap Hardening
- TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs
- SELinux RKP misconfiguration on Samsung S20 devices
- CCS 2016 - Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
- Micro architecture attacks on KASLR
- Linux Kernel x86-64 bypass SMEP - KASLR - kptr_restric
- Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
- KNOX Kernel Mitigation Bypasses
- PAN
- Bypassing Linux' NULL pointer dereference exploit prevention (mmap_min_addr)
- SMEP: What is It, and How to Beat It on Linux
- ret2dir: Deconstructing Kernel Isolation
- Effectively bypassing kptr_restrict on Android
- CVE-2018-3639/CVE-2019-7308: Analysis of Spectre attacks on Linux kernel eBPF
- PLATYPUS: Software-based Power Side-Channel Attacks on x86
- VDSO As A Potential KASLR Oracle
- Spectre exploits in the "wild"
- Linux Kernel /proc/pid/syscall information disclosure vulnerability
- SSD Advisory – Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak
- Linux Kernel getname() Stack Memory Disclosures
- Linux Kernel x86-64 Register Leak
- Linux Kernel pktcdvd Memory Disclosure
- Exploiting a Linux Kernel Infoleak to bypass Linux kASLR
- The Infoleak that (Mostly) Wasn't
- Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer
- Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem
- Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)
- CVE-2021-22555: Turning \x00\x00 into 10000$
- Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)
- Kernel Pwning with eBPF: a Love Story
- CVE-2021-34866 Writeup
- SuDump: Exploiting suid binaries through the kernel
- How a simple Linux kernel memory corruption bug can lead to complete system compromise
- In-the-Wild Series: Android Exploits
- Galaxy's Meltdown - Exploiting SVE-2020-18610
- The curious case of CVE-2020-14381
- CVE-2014-3153
- Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
- Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel
- New Old Bugs in the Linux Kernel
- One day short of a full chain: Part 1 - Android Kernel arbitrary code execution
- CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem
- A Nerve-Racking Bug Collision in Samsung's NPU Driver
- SSD Advisory – OverlayFS PE
- ZDI-20-1440 Writeup
- ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier
- Blue Klotski (CVE-2021-3573) and the story for fixing
- CVE-2021-3609: CAN BCM local privilege escalation
- CVE-2021-32606: CAN ISOTP local privilege escalation
- CVE-2021-20226: a reference counting bug which leads to local privilege escalation in io_uring
- CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
- OffensiveCon20 - Eloi Sanfelix - A Bug Collision Tale
- Exploiting CVE-2020-0041 - Part 2: Escalating to root
- Binder - Analysis and exploitation of CVE-2020-0041
- Attacking the Qualcomm Adreno GPU
- CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel
- D1T2 - Kernel Exploitation with a File System Fuzzer
- Exploiting a Single Instruction Race Condition in Binder
- An iOS hacker tries Android
- Exploiting CVE-2014-3153 (Towelroot)
- Bad Binder: Android In-The-Wild Exploit
- Kernel Research / mmap handler exploitation
- Multiple Kernel Vulnerabilities Affecting All Qualcomm Devices
- Stream Cut: Android Kernel Exploitation with Binder Use-After-Free (CVE-2019-2215)