Dmitry Vyukov (@dvyukov) 's Twitter Profile
Dmitry Vyukov

@dvyukov

I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.

ID: 33580136

Link: http://www.1024cores.net

Joined: 20-04-2009 16:58:22

4.4K Tweets

8.8K Followers

375 Following

chompie (@chompie1337) 's Twitter Profile Photo

i'll admit - when i found it, i wasn't totally sure if i could get LPE with this strange little kernel bug alone. it took triggering the vuln 4x to do a full privesc with #CVE-2021-41073, a vuln in io_uring. blog post soon :)

Lau (@notselwyn) 's Twitter Profile Photo

Exciting news! 🚀 Just dropped my blogpost unveiling the universal Linux kernel LPE PoC for CVE-2024-1086 (working on v5.14 - v6.7) used for pwning Debian, Ubuntu, and KernelCTF Mitigation instances, including novel techniques like Dirty Pagedirectory 🧵 pwning.tech/nftables

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Linux kernel vulnerability analysis (CVE-2023-0179) and exploitation to achieve Local Privilege Escalation (LPE) Credits Davide Ornaghi (Davide Ornaghi) Part 1: betrusted.it/blog/64-bytes-… Part 2: betrusted.it/blog/64-bytes-… #lpe #infosec

Nicolas Krassas (@dinosn) 's Twitter Profile Photo

Learn how an out-of-bounds write vulnerability in the Linux kernel can be exploited to achieve an LPE (CVE-2025-0927) ssd-disclosure.com/ssd-advisory-l…

Sina (@sinatweet) 's Twitter Profile Photo

Unknown Fluid Management roddux Canonical Ubuntu Both vulns where kernel interfaces that are historically root only (and therefore aren't as hardened vs untrusted input) are accessible to non-root who can exploit for LPE. CVE-2024-1086=>userns=>nftables, CVE-2025-0927=>polkit/FS_USERNS_MOUNT=>HFS+ (see Exploitability section)

DARKNAVY (@darknavyorg) 's Twitter Profile Photo

Meet our new buddy, Argusee — an AI-powered, automated vulnerability hunter that has already discovered 15+ vulnerabilities across projects, including a previously unknown Linux kernel flaw (CVE-2025-37891) enabling LPE. Demo and details: darknavy.org/blog/argusee_a…

grsecurity (@grsecurity) 's Twitter Profile Photo

#grsecurity users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.

Marcel Böhme👨‍🔬 (@mboehme_) 's Twitter Profile Photo

Can we statistically estimate how likely an LLM-generated program is correct w/o knowing what is a correct program for that task? Sounds impossible-but it's actually really simple. In fact our oracle-less eval can reliably substitute a pass@1 based eval. arxiv.org/abs/2507.00057

Dmitry Vyukov (@dvyukov) 's Twitter Profile Photo

Love #syzkaller? Our sibling team at Google is looking for a #Linux Kernel Fuzzing & Hardening specialist in Zurich. If KASAN/UBSAN/KCOV are your tools of the trade, we want to talk. google.com/about/careers/…

Palash Oswal (@oswalpalash) 's Twitter Profile Photo

Coincidentally this repeats a lot of what I explored during my thesis for fuzzing the Linux kernel TLDR- enriched corpus is empirically effective and more practical for improving fuzzer performance. sciencedirect.com/science/articl… Rohan Padhye Dmitry Vyukov

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Exploiting CVE-2025-37752: array-Out-Of-Bounds vulnerability in the Linux network packet scheduler syst3mfailure.io/two-bytes-of-m… #infosec #Linux

xvonfers (@xvonfers) 's Twitter Profile Photo

Coroutine Frame-Oriented Programming: Breaking Control Flow Integrity by Abusing Modern C++ i.blackhat.com/BH-USA-25/Pres… Marcos Bajo(Marcos Bajo) & Christian Rossow(Christian Rossow (@[email protected]))

Evan Sultanik (@esultanik) 's Twitter Profile Photo

Dmitry Vyukov Theori Trail of Bits FWIW, Trail of Bits spent the last month divorcing our system from the competition framework so you can run it on your laptop against real codebases. github.com/trailofbits/bu…