July/August updates

1 files changed, 32 insertions, 4 deletions

diff --git a/README.md b/README.md
index a48d654..d68747c 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Exploitation
 
+[2025: "System Register Hijacking: Compromising Kernel Integrity By Turning System Registers Against the System"](https://kylebot.net/papers/ret2entry.pdf) [paper]
+
 [2025: "Linux Kernel Exploitation for Beginners" by Kevin Massey](https://rvasec.com/slides/2025/Massey_Linux_Kernel_Exploitation_For_Beginners.pdf) [slides] [[video](https://www.youtube.com/watch?v=YfjHCt4SzQc)]
 
 [2025: "KernelGP: Racing Against the Android Kernel" by Chariton Karamitas](https://www.youtube.com/watch?v=DJBGu2fSSZg) [video]
@@ -96,7 +98,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2024: "Beyond Control: Exploring Novel File System Objects for Data-Only Attacks on Linux Systems"](https://arxiv.org/pdf/2401.17618.pdf) [paper]
 
-[2023: "Deep-Kernel Treasure Hunt: Finding exploitable structures in the Linux kernel" by Yudai Fujiwara](https://codeblue.jp/2023/result/pdf/cb23-deep-kernel-treasure-hunt-finding-exploitable-structures-in-the-linux-kernel-by-yudai-fujiwara.pdf) [slides] [[video](https://www.youtube.com/watch?v=mamm_23fHD4)]
+[2023: "Deep-Kernel Treasure Hunt: Finding exploitable structures in the Linux kernel" by Yudai Fujiwara](https://archive.codeblue.jp/2023/result/pdf/cb23-deep-kernel-treasure-hunt-finding-exploitable-structures-in-the-linux-kernel-by-yudai-fujiwara.pdf) [slides] [[video](https://www.youtube.com/watch?v=mamm_23fHD4)]
 
 [2023: "D^ 3CTF2023 d3kcache: From null-byte cross-cache overflow to infinite arbitrary read & write."](https://blog.arttnba3.cn/2023/05/02/CTF-0X08_D3CTF2023_D3KCACHE/) [article]
 
@@ -470,6 +472,18 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### LPE
 
+[2025: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel" by Alexander Popov](https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html) [article] [CVE-2024-50264]
+
+[2025: "A Walk Through Android Physical Memory: CVE-2025-21479 Privilege Escalation"](https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/) [article] [[comment](https://notnow.dev/notice/AxeTvYDZPDEvRjmLpY)] [CVE-2025-21479]
+
+[2025: "netfilter: ipset: Missing Range Check LPE"](https://ssd-disclosure.com/linux-kernel-netfilter-ipset-missing-range-check-lpe/) [article] [CVE_2024_53141]
+
+[2025: "From Chrome renderer code exec to kernel with MSG_OOB" by Jann Horn](https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html) [article] [CVE-2025-38236]
+
+[2025: "[CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: An RBTree Family Drama (Part One: LTS & COS)" by D3vil](https://syst3mfailure.io/rbtree-family-drama/) [article] [CVE-2025-38001]
+
+[2025: "Linux Kernel Pipapo Set Double Free LPE" by Slavin and Le Premier Homme](https://ssd-disclosure.com/ssd-advisory-linux-kernel-pipapo-set-double-free-lpe/) [article] [CVE-UNKNOWN]
+
 [2025: "The tragedy of Netfilter Tunnel: CVE-2025-22056"](https://dawnslab.jd.com/CVE-2025-22056/) [article] [CVE-2025-22056]
 
 [2025: "Solo: A Pixel 6 Pro Story (When one bug is all you need)" by Lin Ze Wei](https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/) [article] [CVE-2023-48409] [CVE-2023-26083]
@@ -1179,7 +1193,9 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ## Finding Bugs
 
-[2025: "Bypassing Kernel Barriers: Fuzzing Linux Kernel in Userspace with LKL" by Eugene Rodionov and Xuan Xing](https://static.sched.com/hosted_files/lssna2025/01/Bypass%20Kernel%20Barriers_%20Fuzzing%20Linux%20Kernel%20in%20Userspace%20with%20LKL.pdf) [slides]
+[2025: "MCP AI agents for the Linux kernel development" by Sabyrzhan Tasbolatov](https://docs.google.com/presentation/d/e/2PACX-1vRb56kZ4L81aixA416A7SWYr7zSK694RxM5L57hAV1g6IPEiYv9Y8ciQtLYkrEujoUxkp3jEtbT0NVW/pub?start=false&loop=false&delayms=3000&slide=id.p) [slides] [[code](https://github.com/novitoll/mcp-linux-kernel)]
+
+[2025: "Bypassing Kernel Barriers: Fuzzing Linux Kernel in Userspace with LKL" by Eugene Rodionov and Xuan Xing](https://static.sched.com/hosted_files/lssna2025/01/Bypass%20Kernel%20Barriers_%20Fuzzing%20Linux%20Kernel%20in%20Userspace%20with%20LKL.pdf) [slides] [[video](https://www.youtube.com/watch?v=Wxmi-2ROYNk)] [[code](https://github.com/lkl/linux/tree/master/tools/lkl/fuzzers)]
 
 [2025: "Fuzzing Linux Kernel Modules" by Slava Moskvin](https://www.youtube.com/live/uCcsZrXyLyE) [video] [[code](https://github.com/sl4v/hfsplus-kernel-fuzzing-demo)]
 
@@ -1189,7 +1205,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "Unlocking Low Frequency Syscalls in Kernel Fuzzing with Dependency-Based RAG"](https://dl.acm.org/doi/pdf/10.1145/3728913) [paper] [[code](https://github.com/QGrain/SyzGPT)]
 
-[2025: "External fuzzing of USB drivers with syzkaller" by Andrey Konovalov](https://docs.google.com/presentation/d/1NulLxRowsHzgcL1AFzNF_w8nh3zk2BKKPfGi_1j76A8/edit?usp=sharing) [slides] [CVE-2024-53104]
+[2025: "External fuzzing of Linux kernel USB drivers with syzkaller" by Andrey Konovalov](https://docs.google.com/presentation/d/1ba7Au3Gt6dEQAsfZmjUdzjVWHKxE_EdaJGU9WOSF-Ts/edit?usp=sharing) [slides] [CVE-2024-53104]
 
 [2025: "A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing" by Sanan Hasanov et al.](https://paulgazzillo.com/papers/icse25.pdf) [paper]
 
@@ -1201,6 +1217,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "ksmbd vulnerability research" by Norbert Szetei](https://blog.doyensec.com/2025/01/07/ksmbd-1.html) [article]
 
+[2025: "ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)" by Norbert Szetei](https://blog.doyensec.com/2025/09/02/ksmbd-2.html) [article]
+
 [2025: "Uncovering New Classes of Kernel Vulnerabilities" by Jakob Koschel](https://research.vu.nl/ws/portalfiles/portal/380101013/thesis%20-%20674c5b8426eb2.pdf) [thesis]
 
 [2024: "CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel" by Shuangpeng Bai et al.](https://huhong789.github.io/papers/bai:countdown.pdf) [paper]
@@ -1516,7 +1534,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
 
-[2025: "Linux Kernel Hardening: Ten Years Deep" by Kees Cook](https://outflux.net/slides/2025/lss/kspp-decade.pdf) [slides]
+[2025: "Linux Kernel Hardening: Ten Years Deep" by Kees Cook](https://outflux.net/slides/2025/lss/kspp-decade.pdf) [slides] [[video](https://www.youtube.com/watch?v=c_NxzSRG50g)]
 
 [2025: "IUBIK: Isolating User Bytes in Commodity Operating System Kernels via Memory Tagging Extensions" by Marius Momeu et al.](https://www.computer.org/csdl/proceedings-article/sp/2025/223600a829/26hiTXrQMjS) [paper]
 
@@ -1885,6 +1903,8 @@ https://github.com/LLfam/foob
 
 https://github.com/zhuowei/cheese
 
+https://github.com/FreeXR/eureka_panther-adreno-gpu-exploit-1 [CVE-2025-21479]
+
 
 ## Tools
 
@@ -2005,6 +2025,8 @@ https://oracle.github.io/kconfigs/
 
 https://github.com/google/kernel-research
 
+https://github.com/Bariskizilkaya/OphthalmosMono
+
 
 ## Practice
 
@@ -2234,6 +2256,12 @@ https://github.com/0xor0ne/awesome-list/
 
 ## Misc
 
+[2025: "Qualcomm DSP Kernel Internals" by Shreyas Penkar](https://streypaws.github.io/posts/DSP-Kernel-Internals/) [article]
+
+[2025: "Debugging the Pixel 8 kernel via KGDB" by Andrey Konovalov](https://xairy.io/articles/pixel-kgdb) [article]
+
+[2025: "Triaging CVEs for the Linux Kernel" by Christoph Steiger](https://opensource.siemens.com/events/2025/slides/Christoph_Steiger__Triaging_CVEs_for_the_Linux_Kernel.pdf) [slides] [[video](https://www.youtube.com/watch?v=YAJOPgehFT0)]
+
 [2025: "Beating the kCTF PoW with AVX512IFMA for $51k" by Timothy Herchen](https://anemato.de/blog/kctf-vdf) [article]
 
 [2025: "Redefining Indirect Call Analysis with KallGraph" by Guoren Li et al.](https://www.cs.ucr.edu/%7Ezhiyunq/pub/oakland25_indirect_call.pdf) [paper] [[code](https://github.com/seclab-ucr/KallGraph)]