January/February updates

author: Andrey Konovalov 2023-03-01 16:12:58 +0100
committer: Andrey Konovalov 2023-03-01 16:12:58 +0100
commit: 072111e41134262736fb4aff834176e422f40824 (patch)
tree: 219651a657d2999e0b01a10848011db1ff37174d /README.md
parent: 3347626984a6a5dbd9075c097e8a9bfa0923198b (diff)
1 files changed, 17 insertions, 1 deletions
diff --git a/README.md b/README.md
index 7d404bd..72b97e5 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### Exploitation
+[2023: "Exploiting null-dereferences in the Linux kernel" by Seth Jenkins](https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html)
+[2023: "PSPRAY: Timing Side-Channel based Linux Kernel Heap Exploitation Technique"](https://www.usenix.org/system/files/sec23summer_79-lee-prepub.pdf) [paper]
 [2022: "FUSE for Linux Exploitation 101"](https://exploiter.dev/blog/2022/FUSE-exploit.html) [article]
 [2022: "Kernel Exploit Recipes"](https://drive.google.com/file/d/1kRHgQ9qDr4vgxJ4rVL-UNKvCamva_TRB/view) [brochure]
@@ -277,6 +281,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### Info-leaks
+[2023: "The code that wasn’t there: Reading memory on an Android device by accident" by Man Yue Mo](https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/) [article] [CVE-2022-25664]
 [2022: "EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)"](https://www.willsroot.io/2022/12/entrybleed.html) [article] [CVE-2022-4543]
 [2022: "Yet another bug into Netfilter" by Arthur Mongodin](https://www.randorisec.fr/yet-another-bug-netfilter/) [article] [CVE-2022-1972]
@@ -320,7 +326,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### LPE
-[2023: "Pwning the all Google phone with a non-Google bug"](https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/) [article]
+[2023: "Pwning the all Google phone with a non-Google bug"](https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/) [article] [CVE-2022-38181]
 [2022: "Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg" by Sergi Martinez](https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg/) [article] [CVE-2022-32250]
@@ -781,6 +787,12 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ## Finding Bugs
+[2023: "No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions"](https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_f688_paper.pdf) [paper]
+[2023: "FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules"](https://www.usenix.org/system/files/sec23summer_190-angelakopoulos-prepub.pdf) [paper]
+[2022: "Breaking the Glass Sandbox - Find Linux Kernel Bugs and Escape" by Valentina Palmiotti at REcon](https://cfp.recon.cx/media/2022/submissions/EVBN3B/resources/recon_7TKNBIm.pdf) [slides] [[video](https://www.youtube.com/watch?v=2R46lJsOOTE)]
 [2022: "Sanitizing the Linux kernel: On KASAN and other Dynamic Bug-finding Tools" by Andrey Konovalov](https://docs.google.com/presentation/d/1qA8fqRDHKX_WM_ZdDN37EQQZwSTNJ4FFws82tbUSKxY/edit?usp=sharing) [slides] [[video](https://www.youtube.com/watch?v=KmFVPyHyfqQ)] [[article](https://lwn.net/Articles/909245/)]
 [2022: "PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation"](https://dl.acm.org/doi/pdf/10.1145/3533767.3534226) [paper]
@@ -1004,6 +1016,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
+[2023: "Bounded Flexible Arrays in C" by Kees Cook](https://people.kernel.org/kees/bounded-flexible-arrays-in-c) [article]
 [2022: "Canary in the Kernel Mine: Exploiting and Defending Against Same-Type Object Reuse" by Mathias Krause](https://grsecurity.net/exploiting_and_defending_against_same_type_object_reuse) [article] [[reference exploits](https://github.com/opensrcsec/same_type_object_reuse_exploits)]
 [2022: "Making Linux Kernel Exploit Cooking Harder"](https://security.googleblog.com/2022/08/making-linux-kernel-exploit-cooking.html) [article] [[reference exploits](https://docs.google.com/document/d/1a9uUAISBzw3ur1aLQqKc5JOQLaJYiOP5pe_B4xCT1KA/edit?usp=sharing)] [[proposed mitigations](https://github.com/thejh/linux/blob/slub-virtual/MITIGATION_README)]
@@ -1517,6 +1531,8 @@ https://github.com/crowell/old_blog/blob/source/source/_posts/2014-11-24-hosting
 ## Misc
+[2023: "Analysing Linux Kernel Commits"](https://sam4k.com/analysing-linux-kernel-commits/) [article]
 [2022: "Mind the Gap" by Ian Beer](https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html) [article]
 [2022: "Designing subsystems for FUZZ-ability" by Dmitry Vyukov](https://lpc.events/event/16/contributions/1309/attachments/988/1979/Designing%20subsystems%20for%20testability_fuzzing%20%28PDF%20version%29.pdf) [slides] [[video](https://www.youtube.com/watch?v=zmF_AswbVbQ)]
author	Andrey Konovalov	2023-03-01 16:12:58 +0100
committer	Andrey Konovalov	2023-03-01 16:12:58 +0100
commit	072111e41134262736fb4aff834176e422f40824 (patch)
tree	219651a657d2999e0b01a10848011db1ff37174d /README.md
parent	3347626984a6a5dbd9075c097e8a9bfa0923198b (diff)