Unix GC Remastered
Article by @AcherirMoe about the internals of the new Unix sockets garbage collector implementation and the analysis of CVE-2025-40214, which was used in a kernelCTF entry. mohandacherir.github.io/Qdiv…
PinTheft Linux LPE
Aaron Esau published an LPE exploit for a page double-free bug in the RDS zerocopy implementation, which can be turned into a page-cache overwrite through io_uring. github.com/v12-security/pocs…

Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)
Article about a logical bug in the ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios. cdn2.qualys.com/advisory/202…
StepStone: LLM-Based GPU Kernel Driver Fuzzing via User-Space Libraries
Paper by @ETenal7 et al. about using LLMs for generating syzkaller descriptions for fuzzing GPU drivers via their userspace library APIs. cs.ucr.edu/~zhiyunq/pub/oa…
Privilege Escalation via a Page Use-After-Free in Qualcomm's AI Accelerator Linux Kernel Driver
Article by Lukas Maar about exploiting a bug in the mmap handler of the QAIC driver that causes a page UAF. lukasmaar.github.io/posts/qa…
Discovery & Validation in the Linux Kernel
Three-part article by @sam4k1 about analyzing two vulnerabilities (in CAN sockets and FUSE) and attempting to use local LLMs to rediscover the bugs. Final part: bynar.io/blog/discovery-vali…
Recent Page Cache Corruption Bugs
All stem from code paths that allow in-place overwrites of user-supplied input pages without verifying they are writable. This enables overwriting page cache and thus changing in-memory contents of read-only files. Selected links below ⬇️
Fragnesia (CVE-2026-46300)
Original report: github.com/v12-security/pocs…
Variant: github.com/v12-security/pocs…

DirtyCBC / DirtyDecrypt (CVE-2026-31635?)
Write-up: github.com/Delphos-Labs/disc…
Another exploit: github.com/v12-security/pocs…

Out-of-Cancel: A Vulnerability Class Rooted in Workqueue Cancellation APIs
@v4bel published an article describing a complicated exploit of a race condition caused by a misuse of the cancel_work_sync() kernel API in the network subsystem. v4bel.github.io/linux/2026/0…
Walkthrough of an N-day Android GPU driver vulnerability
Talk by Angus about analyzing CVE-2022-22706, a logical bug in the Mali GPU driver that allows getting write access to read-only memory. youtube.com/watch?v=G71dB0C4…
From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks
Article by Lukas Maar about evaluating the KernelSnitch timing side-channel attack on a variety of systems, including Android. lukasmaar.github.io/posts/he…
Assessing Claude Mythos Preview’s cybersecurity capabilities
Article by Nicholas Carlini et al. about the security research capabilities of Anthropic's new LLM called Claude Mythos Preview. red.anthropic.com/2026/mytho…
The LLM was used to discover multiple 0-days in the Linux kernel and also write privilege escalation exploits for a few previously known vulnerabilities; the article provides a detailed write-up for two such exploits.
slab: support for compiler-assisted type-based slab cache partitioning
@maelver posted a kernel patch that provides an alternative mode to RANDOM_KMALLOC_CACHES called TYPED_KMALLOC_CACHES. lore.kernel.org/all/20260331…
The new mode leverages a Clang 22 feature called "allocation tokens". Unlike RANDOM_KMALLOC_CACHES, this mode deterministically assigns caches to allocations based on their types, and not allocation sites.