My personal blog about OS kernel development and security – https://a13xp0p0v.github.io/| Alexander Popov
В январе 2021 года я обнаружил и устранил пять уязвимостей в реализации виртуальных сокетов ядра Linux, которые получили идентификатор CVE-2021-26708. В этой статье я детально расскажу об эксплуатации одной из них с целью локального повышения привилегий на Fedora 33 Server для платформы x8...| Alexander Popov
In this guest blog, Zhenpeng Lin details the three-month evaluation he performed of AUTOSLAB during a research internship with Open Source Security, Inc. AUTOSLAB is a compiler-plugin-enhanced feature of grsecurity introduced in 2020 that provides some interesting security and debug properties. The evaluation covers the completeness of AUTOSLAB's approach, how exploitation is changed, and how it affects performance.| grsecurity.net
CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP.| Alexander Popov