This article discloses the exploitation of CVE-2017-2636, which is a race condition in the n_hdlc Linux kernel driver. My PoC exploit for x86_64 gains root privileges bypassing Supervisor Mode Execution Protection (SMEP).| Alexander Popov
This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. Here I'm going to describe a PoC exploit for x86_64 that gains local privilege escalation from the kernel thread context (where the userspace is not mapped), bypassing KASLR, SMEP, and SMAP on Ubuntu Server 18.04.| Alexander Popov
This is the follow-up to my research described in the article "Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel." My PoC exploit for CVE-2021-26708 had a very limited facility for privilege escalation, and I decided to continue my experiments with that vulnerability. This article describes how I improved the exploit, added a full-power ROP chain, and implemented a new method of bypassing the Linux Kernel Runtime Guard (LKRG).| Alexander Popov
Using syzkaller to fuzz the Linux kernel network stack externally| Andrey Konovalov