July/August updates

1 files changed, 43 insertions, 3 deletions

diff --git a/README.md b/README.md
index 3527ea5..99aac4a 100644
--- a/README.md
+++ b/README.md
@@ -3,10 +3,12 @@ Linux Kernel Exploitation
 
 A collection of links related to Linux kernel security and exploitation.
 
-Pull requests are welcome.
+Updated bimonthly. Pull requests are welcome as well.
 
 Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified of updates.
 
+Subscribe to [@linkersec](https://t.me/linkersec) on Telegram for highlights.
+
 
 ## Contents
 
@@ -224,6 +226,8 @@ Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified o
 
 ### Info-leaks
 
+[2021: "Samsung S10+/S9 kernel 4.14 (Android 10) Kernel Function Address (.text) and Heap Address Information Leak"](https://ssd-disclosure.com/ssd-advisory-samsung-s10-s9-kernel-4-14-android-10-kernel-function-address-text-and-heap-address-information-leak/) [article, CVE-TBD]
+
 [2021: "Linux Kernel /proc/pid/syscall information disclosure vulnerability"](https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211) [article] [CVE-2020-28588]
 
 [2021: "Spectre exploits in the "wild""](https://dustri.org/b/spectre-exploits-in-the-wild.html) [article]
@@ -257,6 +261,22 @@ Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified o
 
 ### LPE
 
+[2021: "Kernel Pwning with eBPF: a Love Story" by Valentina Palmiotti](https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story) [article, CVE-2021-3490]
+
+[2021: "The Art of Exploiting UAF by Ret2bpf in Android Kernel" by Xingyu Jin and Richard Neal](https://conference.hitb.org/hitbsecconf2021sin/materials/D1T1%20-%20%20The%20Art%20of%20Exploiting%20UAF%20by%20Ret2bpf%20in%20Android%20Kernel%20-%20Xingyu%20Jin%20&%20Richard%20Neal.pdf) [slides, CVE-2021-0399]
+
+[2021: "Internal of the Android kernel backdoor vulnerability"](https://vul.360.net/archives/263) [article, CVE-2021-28663]
+
+[2021: "Escape from chrome sandbox to root"](https://vul.360.net/archives/217) [article, CVE-2020-0423]
+
+[2021: "CVE-2017-11176" by Maher Azzouzi](https://github.com/MaherAzzouzi/LinuxKernelStudy/tree/main/CVE-2017-11176) [article] [CVE-2017-11176]
+
+[2021: "Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)" by Qualys Research Team](https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt) [article, CVE-2021-33909]
+
+[2021: "CVE-2021-22555: Turning \x00\x00 into 10000$" by Andy Nguyen](https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html) [CVE-2021-22555, article]
+
+[2021: "Exploitation of a double free vulnerability in Ubuntu shiftfs driver (CVE-2021-3492)" by Vincent Dehors](https://www.synacktiv.com/publications/exploitation-of-a-double-free-vulnerability-in-ubuntu-shiftfs-driver-cve-2021-3492.html) [article, CVE-2021-3492]
+
 [2021: "CVE-2021-20226 a reference counting bug which leads to local privilege escalation in io_uring"](https://flattsecurity.medium.com/cve-2021-20226-a-reference-counting-bug-which-leads-to-local-privilege-escalation-in-io-uring-e946bd69177a) [article] [CVE-2021–20226]
 
 [2021: "CVE-2021-32606: CAN ISOTP local privilege escalation"](https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-32606/cve-2021-32606.md) [article] [CVE-2021-32606]
@@ -275,6 +295,10 @@ Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified o
 
 [2021: "Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel"](https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html) [article] [[slides](https://a13xp0p0v.github.io/img/CVE-2021-26708.pdf)] [[video](https://www.youtube.com/watch?v=EMcjHfceX44)] [CVE-2021-26708]
 
+[2021: "Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG" by Alexander Popov](https://a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html) [article] [[slides](https://a13xp0p0v.github.io/img/CVE-2021-26708_LKRG_bypass.pdf)]
+
+[2021: "CVE-2014-3153" by Maher Azzouzi](https://github.com/MaherAzzouzi/LinuxKernelStudy/tree/main/CVE-2014-3153) [article] [CVE-2014-3153]
+
 [2021: "The curious case of CVE-2020-14381"](https://blog.frizn.fr/linux-kernel/cve-2020-14381) [article] [CVE-2020-14381]
 
 [2021: "Galaxy's Meltdown - Exploiting SVE-2020-18610"](https://github.com/vngkv123/articles/blob/main/Galaxy's%20Meltdown%20-%20Exploiting%20SVE-2020-18610.md) [article] [CVE-2020-28343, SVE-2020-18610]
@@ -560,6 +584,12 @@ Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified o
 
 ## Finding Bugs
 
+[2021: "Fuzzing Linux with Xen" by Tamas K Lengyel](https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Tamas%20K%20Lengyel%20-%20Fuzzing%20Linux%20with%20Xen.pdf) [slides] [[video](https://www.youtube.com/watch?v=_dXC_I2ybr4)]
+
+[2021: "Variant analysis of the ‘Sequoia’ bug" by Jordy Zomer](https://pwning.systems/posts/sequoia-variant-analysis/) [article]
+
+[2021: "KMSAN, a look under the hood" by Alexander Potapenko](https://github.com/ramosian-glider/talks-and-presentations/blob/master/2021/KernelMemorySanitizer_a_look_under_the_hood.pdf) [slides] [[video](https://www.youtube.com/watch?v=LNs2U-3m3yg)]
+
 [2021: "Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning"](https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/k-meld.pdf) [paper]
 
 [2021: "Understanding and Detecting Disordered Error Handling with Precise Function Pairing"](https://www.usenix.org/system/files/sec21summer_wu-qiushi.pdf) [paper]
@@ -707,6 +737,8 @@ Follow [@andreyknvl](https://twitter.com/andreyknvl) on Twitter to be notified o
 
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
 
+[2021: "How AUTOSLAB Changes the Memory Unsafety Game" by Zhenpeng Lin](https://grsecurity.net/how_autoslab_changes_the_memory_unsafety_game) [article]
+
 [2021: "security things in Linux vX.X" by Kees Cook](https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/) [articles]
 
 [2021: "Undo Workarounds for Kernel Bugs"](https://www.usenix.org/system/files/sec21fall-talebi.pdf) [paper]
@@ -980,6 +1012,10 @@ https://github.com/evdenis/cvehound
 
 [github.com/AravGarg/kernel-hacking/ctf-challs](https://github.com/AravGarg/kernel-hacking/tree/master/ctf-challs)
 
+Google CTF 2021 (pwn-fullchain): [source](https://github.com/google/google-ctf/tree/master/2021/quals/pwn-fullchain), [writeup](https://ptr-yudai.hatenablog.com/entry/2021/07/26/225308)
+
+Google CTF 2021 (pwn-ebpf): [source](https://github.com/google/google-ctf/tree/master/2021/quals/pwn-ebpf), [writeup](https://mem2019.github.io/jekyll/update/2021/07/19/GCTF2021-eBPF.html)
+
 3kCTF 2021 (echo): [source and exploit](https://github.com/MaherAzzouzi/3k21-pwn/tree/main/echo)
 
 3kCTF 2021 (klibrary): [source](https://github.com/MaherAzzouzi/3k21-pwn/tree/main/klibrary), [writeup](https://meowmeowxw.gitlab.io/ctf/3k-2021-klibrary/)
@@ -1096,14 +1132,18 @@ https://github.com/crowell/old_blog/blob/source/source/_posts/2014-11-24-hosting
 
 ## Misc
 
-https://github.com/bsauce/kernel-security-learning
-
 [2021: "The Complicated History of a Simple Linux Kernel API"](https://www.grsecurity.net/complicated_history_simple_linux_kernel_api) [article]
 
 [2021: "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commit"](https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf) [paper]
 
 [2020: "Android / Linux SLUB aliasing for general- and special-purpose caches" by Vitaly Nikolenko](https://www.youtube.com/watch?v=5-eRsA0l8Pg) [video]
 
+[grsecurity CVE-Dataset](https://docs.google.com/spreadsheets/u/0/d/1JO43UfT7Vjun9ytSWNdI17xmnzZMg19Tii-rKw94Rvw/htmlview#gid=0) [spreadsheet]
+
+https://github.com/nccgroup/exploit_mitigations
+
+https://github.com/bsauce/kernel-security-learning
+
 https://github.com/hackedteam
 
 https://forums.grsecurity.net/viewforum.php?f=7