CVE-2024-1065 is a physical-page use-after-free in the ARM Mali GPU kernel driver. Because the freed page lands in MIGRATE_MOVABLE, Dirty Pagetable and Dirty Cred do not apply — so this writeup uses a page-cache spray to swap the freed page into the in-memory copy of /usr/bin/passwd and gets root via execve() without touching disk. core-jmp.org/2026/06/cve-202… #ARMMaliGPU #ARM64 #CVE20241065 #DirtyPagetable #kernel #KernelExploit #KernelExploitation #KernelShellcode #KernelUAF #LinuxKernel #LinuxKernelExploitation #LocalPrivilegeEscalation #MaliExploitation #MIGRATE_MOVABLE #PageCacheCorruption #PageCacheExploitation #PhysicalPageUAF #PrivilegeEscalation #ProjectZero #shellcode #SUIDExploitation #UseAfterFree

I added a kernel shellcode generator to the #PowerShell PSKernel-Primitives repo -> Get-KernelShellCode: github.com/FuzzySecurity/PSK…