May/June updates

1 files changed, 59 insertions, 5 deletions

diff --git a/README.md b/README.md
index 14a81a5..a48d654 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,12 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Exploitation
 
+[2025: "Linux Kernel Exploitation for Beginners" by Kevin Massey](https://rvasec.com/slides/2025/Massey_Linux_Kernel_Exploitation_For_Beginners.pdf) [slides] [[video](https://www.youtube.com/watch?v=YfjHCt4SzQc)]
+
+[2025: "KernelGP: Racing Against the Android Kernel" by Chariton Karamitas](https://www.youtube.com/watch?v=DJBGu2fSSZg) [video]
+
+[2025: "Control Flow Hijacking in the Linux Kernel" by Valeriy Yashnikov](https://pt-phdays.storage.yandexcloud.net/Yashnikov_Valerij_Obhod_sredstv_zashhity_yadra_Linux_pri_perehvate_potoka_upravleniya_compressed_373ea39bd6.pdf) [slides] [[video](https://phdays.com/en/forum/broadcast/?talk=2291&selectedDate=Fri+May+23+2025+00%3A00%3A00+GMT%2B0200+%28Central+European+Summer+Time%29&selectedTagSlug=positive-labs)]
+
 [2025: "Kernel Exploitation Techniques: Turning The (Page) Tables" by Samuel Page](https://sam4k.com/page-table-kernel-exploitation/) [article]
 
 [2025: "Linux Kernel Exploitation series" by r1ru](https://r1ru.github.io/categories/linux-kernel-exploitation/) [articles] [[code](https://github.com/r1ru/linux-kernel-exploitation)]
@@ -303,6 +309,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Protection Bypasses
 
+[2025: "The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction" by Pumpkin Chang](https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html) [article]
+
+[2025: "Exploring Kernel Address Leakage via WARN()" by Pumpkin Chang](https://u1f383.github.io/linux/2025/06/14/exploring-kernel-address-leakage-via-WARN.html) [article]
+
 [2025: "Three bypasses of Ubuntu's unprivileged user namespace restrictions"](https://www.qualys.com/2025/three-bypasses-of-Ubuntu-unprivileged-user-namespace-restrictions.txt) [article]
 
 [2025: "A hole in FineIBT protection" by Jonathan Corbet](https://lwn.net/Articles/1011680/) [article]
@@ -401,6 +411,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Info-leaks
 
+[2025: "Use-after-free in CAN BCM subsystem leading to information disclosure (CVE-2023-52922)"](https://allelesecurity.com/use-after-free-vulnerability-in-can-bcm-subsystem-leading-to-information-disclosure-cve-2023-52922/) [article] [CVE-2023-52922]
+
 [2025: "KernelSnitch: Side-Channel Attacks on Kernel Data Structures" by Lukas Maar et al.](https://lukasmaar.github.io/papers/ndss25-kernelsnitch.pdf) [paper] [[slides](https://i.blackhat.com/Asia-25/Asia-25-Maar-KernelSnitch.pdf)]
 
 [2024: "Linux vDSO & VVAR" by Pumpkin Chang](https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html) [article] [CVE-2023-23586]
@@ -458,6 +470,14 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### LPE
 
+[2025: "The tragedy of Netfilter Tunnel: CVE-2025-22056"](https://dawnslab.jd.com/CVE-2025-22056/) [article] [CVE-2025-22056]
+
+[2025: "Solo: A Pixel 6 Pro Story (When one bug is all you need)" by Lin Ze Wei](https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/) [article] [CVE-2023-48409] [CVE-2023-26083]
+
+[2025: "Bypassing MTE with CVE-2025-0072" by Man Yue Mo](https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/) [article] [CVE-2025-0072]
+
+[2025: "Skin in the Game: Survival of GPU IOMMU Irregular Damage" by Fish and Ling Hanqin](https://www.youtube.com/watch?v=e4t_xYPOq9w) [video] [CVE-2022-38181] [CVE-2023-6241] [CVE-2023-33107] [CVE-2024-23372] [CVE-2024-31333]
+
 [2025: "[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds" by D3vil](https://syst3mfailure.io/two-bytes-of-madness/) [article] [CVE-2025-37752]
 
 [2025: "Linux Kernel Exploitation: CVE-2025-21756: Attack of the Vsock" by Michael Hoefler](https://hoefler.dev/articles/vsock.html) [article] [CVE-2025-21756]
@@ -474,7 +494,9 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793)" by Ng Zhi Yang](https://starlabs.sg/blog/2025/12-mali-cious-intent-exploiting-gpu-vulnerabilities-cve-2022-22706/) [article] [CVE-2022-22706] [CVE-2021-39793]
 
-[2024: "The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit" by Seth Jenkins](https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html) [article] [CVE-2024-38402] [CVE-2024-21455] [CVE-2024-33060] [CVE-2024-49848] [CVE-2024-43047]
+[2025: "Introduction to Android GPU Vulnerability Attack and Defense"](https://dawnslab.jd.com/android_gpu_attack_defence_introduction/) [article] [CVE-2024-23380]
+
+[2024: "The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit" by Seth Jenkins](https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html) [article] [video](https://www.youtube.com/watch?v=lnK1iACJ3-c) [CVE-2024-38402] [CVE-2024-21455] [CVE-2024-33060] [CVE-2024-49848] [CVE-2024-43047]
 
 [2024: "OtterRoot: Netfilter Universal Root 1-day" by Pedro Pinto](https://osec.io/blog/2024-11-25-netfilter-universal-root-1-day) [article] [CVE-2024-26809]
 
@@ -596,6 +618,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2023: "Pwning the all Google phone with a non-Google bug"](https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/) [article] [CVE-2022-38181]
 
+[2022: "Linux kernel io_uring module pbuf_ring vulnerability and privilege escalation 0day"](https://dawnslab.jd.com/linux-5.19-rc2_pbuf_ring_0day/) [article [CVE-UNKNOWN]
+
 [2022: "CVE-2022-1015: A validation flaw in Netfilter leading to Local Privilege Escalation" by Yordan Stoychev](https://anatomic.rip/cve-2022-1015/) [article] [CVE-2022-1015]
 
 [2022: "CVE-2022-22265: Samsung NPU device driver double free in Android" by Xingyu Jin](https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-22265.html) [article] [CVE-2022-22265]
@@ -1006,8 +1030,12 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Other
 
+[2025: "ZDI-25-310: Remote NULL Deref in Linux KSMBD" by Slava Moskvin](https://slavamoskvin.com/zdi-25-310-remote-null-deref-in-linux-ksmbd/) [article] [CVE-2025–22037]
+
 [2025: "CVE-2024-36904 - Use-after-free vulnerability in the TCP subsystem of the Linux kernel"](https://github.com/alleleintel/research/tree/master/CVE-2024-36904/) [article] [CVE-2024-36904]
 
+[2025: "Simply Analyzing Two N_GSM Vulnerabilities" by Pumpkin Chang](https://u1f383.github.io/linux/2025/03/31/simply-analyzing-two-n_gsm-vulnerabilities.html) [article] [CVE-2024-36016]
+
 [2025: "A Quick Note On Two mempolicy Vulnerabilities" by Pumpkin Chang](https://u1f383.github.io/linux/2025/03/30/a-quick-note-on-two-mempolicy-vulnerabilites.html) [article] [CVE-2022-49080] [CVE-2023-4611]
 
 [2025: "The Evolution of Dirty COW" by Pumpkin Chang](https://u1f383.github.io/linux/2025/03/27/the-evolution-of-COW-1.html) [article] [[part 2](https://u1f383.github.io/linux/2025/03/29/the-evolution-of-COW-2.html)] [CVE-2016-5195] [CVE-2017-1000405] [CVE-2022-2590]
@@ -1028,7 +1056,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "Two Network-related vunlnerabilities Analysis" by Pumpkin Chang](https://u1f383.github.io/linux/2025/01/08/two-network-related-vulnerabilities-analysis.html) [article] [CVE-2023-6932] [CVE-2023-0461]
 
-[2025: "Cellebrite zero-day exploit used to target phone of Serbian student activist"](https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/) [article] [CVE-2024-53104] [CVE-2024-53197] [CVE-2024-50302] [[note 1](https://infosec.exchange/@zhuowei@notnow.dev/114130367739741197)] [[note 2](https://infosec.exchange/@zhuowei@notnow.dev/114323100736073083)] [[note 3](https://infosec.exchange/@zhuowei@notnow.dev/114329166341368428)] [[note 4](https://infosec.exchange/@zhuowei@notnow.dev/114405047904139584)] [[note 5](https://infosec.exchange/@zhuowei@notnow.dev/114453583508015434)]
+[2025: "Cellebrite zero-day exploit used to target phone of Serbian student activist"](https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/) [article] [CVE-2024-53104] [CVE-2024-53197] [CVE-2024-50302] [[note 1](https://infosec.exchange/@zhuowei@notnow.dev/114130367739741197)] [[note 2](https://infosec.exchange/@zhuowei@notnow.dev/114323100736073083)] [[note 3](https://infosec.exchange/@zhuowei@notnow.dev/114329166341368428)] [[note 4](https://infosec.exchange/@zhuowei@notnow.dev/114405047904139584)] [[note 5](https://infosec.exchange/@zhuowei@notnow.dev/114453583508015434)] [[note 6](https://infosec.exchange/@zhuowei@notnow.dev/114531934296778222)] [[note 7](https://infosec.exchange/@twiddles/114343055353217091)]
 
 [2025: "Accidentally uncovering a seven years old vulnerability in the Linux kernel" by Anderson Nascimento](https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/) [article] [CVE-2024-36904]
 
@@ -1151,9 +1179,19 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ## Finding Bugs
 
+[2025: "Bypassing Kernel Barriers: Fuzzing Linux Kernel in Userspace with LKL" by Eugene Rodionov and Xuan Xing](https://static.sched.com/hosted_files/lssna2025/01/Bypass%20Kernel%20Barriers_%20Fuzzing%20Linux%20Kernel%20in%20Userspace%20with%20LKL.pdf) [slides]
+
+[2025: "Fuzzing Linux Kernel Modules" by Slava Moskvin](https://www.youtube.com/live/uCcsZrXyLyE) [video] [[code](https://github.com/sl4v/hfsplus-kernel-fuzzing-demo)]
+
+[2025: "How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation" by Sean Heelan](https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/) [article] [[note](https://x.com/antirez/status/1926580457048588321)]
+
+[2025: "Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel" by Hang Zhang et al.](https://www.ndss-symposium.org/wp-content/uploads/2025-559-paper.pdf) [paper] [[slides](https://taesoo.kim/pubs/2025/zhang:uafx-slides.pdf)] [[video](https://www.youtube.com/watch?v=vO9SCFS7Z2w)]
+
+[2025: "Unlocking Low Frequency Syscalls in Kernel Fuzzing with Dependency-Based RAG"](https://dl.acm.org/doi/pdf/10.1145/3728913) [paper] [[code](https://github.com/QGrain/SyzGPT)]
+
 [2025: "External fuzzing of USB drivers with syzkaller" by Andrey Konovalov](https://docs.google.com/presentation/d/1NulLxRowsHzgcL1AFzNF_w8nh3zk2BKKPfGi_1j76A8/edit?usp=sharing) [slides] [CVE-2024-53104]
 
-[2025: "A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing"](https://paulgazzillo.com/papers/icse25.pdf) [paper]
+[2025: "A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing" by Sanan Hasanov et al.](https://paulgazzillo.com/papers/icse25.pdf) [paper]
 
 [2025: "A Survey of Fuzzing Open-Source Operating Systems"](https://arxiv.org/pdf/2502.13163) [paper]
 
@@ -1167,8 +1205,6 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2024: "CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel" by Shuangpeng Bai et al.](https://huhong789.github.io/papers/bai:countdown.pdf) [paper]
 
-[2024: "A Little Goes a Long Way: Tuning Configuration Selection for Continuous Kernel Fuzzing" by Sanan Hasanov et al.](https://paulgazzillo.com/papers/icse25.pdf) [paper]
-
 [2024: "Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit?" by Slava Moskvin](https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/) [article]
 
 [2024: "Finding Bugs in Kernel" by Slava Moskvin](https://slavamoskvin.com/finding-bugs-in-kernel.-part-1-crashing-a-vulnerable-driver-with-syzkaller/) [article] [[part 2](https://slavamoskvin.com/finding-bugs-in-kernel.-part-2-fuzzing-the-actual-kernel/)]
@@ -1219,6 +1255,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2023: "ReUSB: Replay-Guided USB Driver Fuzzing" by Jisoo Jang, Minsuk Kang, and Dokyung Song](https://www.usenix.org/system/files/usenixsecurity23-jang.pdf) [paper] [[slides](https://www.usenix.org/system/files/sec23_slides_jang-jisoo.pdf)] [[video](https://www.youtube.com/watch?v=DjD2-gbuXBo)]
 
+[2023: "SyzGPT: When the fuzzer meets the LLM" by Erin Avllazagaj](https://albocoder.github.io/fuzzing/exploitation/linux%20kernel/hacking/ai/gpt/llm/2023/11/27/GPT-syzkaller.html) [article]
+
 [2023: "KernelGPT: Enhanced Kernel Fuzzing via Large Language Models"](https://arxiv.org/pdf/2401.00563.pdf) [paper]
 
 [2023: "SyzDirect: Directed Greybox Fuzzing for Linux Kernel"](https://yuanxzhang.github.io/paper/syzdirect-ccs23.pdf) [paper]
@@ -1478,6 +1516,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
 
+[2025: "Linux Kernel Hardening: Ten Years Deep" by Kees Cook](https://outflux.net/slides/2025/lss/kspp-decade.pdf) [slides]
+
+[2025: "IUBIK: Isolating User Bytes in Commodity Operating System Kernels via Memory Tagging Extensions" by Marius Momeu et al.](https://www.computer.org/csdl/proceedings-article/sp/2025/223600a829/26hiTXrQMjS) [paper]
+
 [2025: "Linux kernel Rust module for rootkit detection" by Antoine Doglioli](https://blog.thalium.re/posts/linux-kernel-rust-module-for-rootkit-detection/) [article] [[code](https://github.com/thalium/rkchk)]
 
 [2025: "Enhancing spatial safety: fixing thousands of -Wflex-array-member-not-at-end warnings" by Gustavo A. R. Silva](https://embeddedor.com/slides/2025/eo/eo2025.pdf) [slides]
@@ -1841,6 +1883,8 @@ https://github.com/b17fr13nds/kernel-exploits
 
 https://github.com/LLfam/foob
 
+https://github.com/zhuowei/cheese
+
 
 ## Tools
 
@@ -1959,6 +2003,8 @@ https://github.com/NUS-Curiosity/KernJC
 
 https://oracle.github.io/kconfigs/
 
+https://github.com/google/kernel-research
+
 
 ## Practice
 
@@ -1993,6 +2039,8 @@ TsukuCTF 2025 (easy_kernel, xcache, new_era): [writeup](https://iwancof.github.i
 
 LACTF 2025 (messenger): [writeup](https://terawhiz.github.io/2025/2/oob-write-to-page-uaf-lactf-2025/)
 
+crewCTF 2024 (kUlele): [writeup](https://n132.github.io/2024/08/14/kUlele.html)
+
 HITCON CTF QUAL 2024 (Halloween): [writeup](https://u1f383.github.io/ctf/2024/07/16/hitcon-ctf-qual-2024-pwn-challenge-part-1-halloween-and-v8sbx.html)
 
 EuskalHack 2024 Gau-Hack: [writeup](https://gum3t.xyz/posts/a-gau-hack-from-euskalhack/)
@@ -2163,6 +2211,8 @@ https://github.com/hardik05/Damn_Vulnerable_Kernel_Module
 
 [Kernel Read Write eXecute (KRWX)](https://github.com/hacktivesec/KRWX) [[slides](https://www.nohat.it/presentations/KRWX_agroppo.pdf)] [[playground](https://github.com/hacktivesec/beginner-kernel-exploitation-setup)]
 
+https://github.com/d1sgr4c3/boffer
+
 
 ### Infrastructure
 
@@ -2184,6 +2234,10 @@ https://github.com/0xor0ne/awesome-list/
 
 ## Misc
 
+[2025: "Beating the kCTF PoW with AVX512IFMA for $51k" by Timothy Herchen](https://anemato.de/blog/kctf-vdf) [article]
+
+[2025: "Redefining Indirect Call Analysis with KallGraph" by Guoren Li et al.](https://www.cs.ucr.edu/%7Ezhiyunq/pub/oakland25_indirect_call.pdf) [paper] [[code](https://github.com/seclab-ucr/KallGraph)]
+
 [2025: "A Quick Dive Into The Linux Kernel Page Allocator" by D3vil](https://syst3mfailure.io/linux-page-allocator/) [article]
 
 [2025: "Musing from Decades of Linux Kernel Security Research" by Joshua Drake](https://github.com/jduck/bs25-slides) [slides]