September/October updates

author: Andrey Konovalov 2024-11-01 17:13:47 +0100
committer: Andrey Konovalov 2024-11-01 17:13:47 +0100
commit: 5dc72e61f867c3cf89ee7f46e7f6fa98333558d2 (patch)
tree: e112c70092768cea4d229aa4861765fb07d5aae5 /README.md
parent: e7d2b27ca647c3e0bafe934cb37291257a091063 (diff)
1 files changed, 75 insertions, 3 deletions
diff --git a/README.md b/README.md
index f190c78..d58570c 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### Exploitation
+[2024: "SLUB Internals for Exploit Developers" by Andrey Konovalov](https://static.sched.com/hosted_files/lsseu2024/37/2024%2C%20LSS%20EU_%20SLUB%20Internals%20for%20Exploit%20Developers.pdf) [slides] [[video](https://www.youtube.com/watch?v=XulsBDV4n3w)]
+[2024: "SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation"](https://www.usenix.org/system/files/usenixsecurity24-avllazagaj.pdf) [paper]
 [2024: "PageJack: A Powerful Exploit Technique With Page-Level UAF" by Zhiyun Qian et. al](https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf) [slides] [[code](https://github.com/Lotuhu/Page-UAF)] [[summary](https://phrack.org/issues/71/13.html#article)]
 [2024: "SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel" by Lukas Maar et. al](https://stefangast.eu/papers/slubstick.pdf) [paper]
@@ -281,6 +285,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### Protection Bypasses
+[2024: "SELinux bypasses"](https://klecko.github.io/posts/selinux-bypasses/) [article]
+[2024: "Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels" by Lukas Maar et. al](https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf) [paper] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-maar-defects.pdf)]
 [2024: "Leaking Host KASLR from Guest VMs Using Tagged TLB" by Reno Robert](https://pagedout.institute/download/PagedOut_004_beta1.pdf#page=58) [article]
 [2024: "TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution" by Juhee Kim et al.](https://arxiv.org/pdf/2406.08719) [paper] [[code](https://github.com/compsec-snu/tiktag)]
@@ -416,11 +424,17 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### LPE
+[2024: "Unleashing a 0day: Pivoting Capabilities and Conquering the Linux Kernel" by Pedro Pinto](https://www.figma.com/deck/GyXCgKKy6rMuY7NVZtInjY/Unleadhing-a-Oday---Osec?node-id=13-225) [slides] [CVE-2024-41010]
+[2024: "Utilizing Cross-CPU Allocation to Exploit Preempt-Disabled Linux Kernel" by Mingi Cho and Wongi Lee](https://www.hexacon.fr/slides/Cho_Lee-Utilizing_Cross-CPU_Allocation_to_Exploit_Preempt-Disabled_Linux_Kernel.pdf) [slides] [CVE-2023-31248] [CVE-2024-36978]
+[2024: "1day vuln dev: DirtyCOW"](https://www.youtube.com/watch?v=lQOiH-43zOc) [video] [CVE-2016-5195]
 [2024: "Race conditions in Linux Kernel perf events"](https://binarygecko.com/race-conditions-in-linux-kernel-perf-events/) [[code](https://github.com/Binary-Gecko/perf_PoC)] [CVE-UNKNOWN]
 [2024: "CVE-2020-27786 (Race Condition + Use-After-Free)" by ii4gsp](https://ii4gsp.github.io/cve-2020-27786/) [article] [CVE-2020-27786]
-[2024: "GPUAF Using a general GPU exploit tech to attack Pixel8" by Pan Zhenpeng and Jheng Bing Jhong](https://www.youtube.com/watch?v=Mw6iCqjOV9Q) [video] [CVE-UNKNOWN]
+[2024: "GPUAF Using a general GPU exploit tech to attack Pixel8" by Pan Zhenpeng and Jheng Bing Jhong](https://github.com/star-sg/OBO/blob/main/2024/Day%201/GPUAF%20-%20Using%20a%20general%20GPU%20exploit%20tech%20to%20attack%20Pixel8.pdf) [slides] [[video](https://www.youtube.com/watch?v=Mw6iCqjOV9Q)] [CVE-UNKNOWN]
 [2024: "Linux Kernel taprio OOB"](https://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob/) [article] [CVE-2024-36974]
@@ -928,6 +942,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ### Other
+[2024: "CVE-2024-26926 Analysis" by Maher Azzouzi](https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf) [article] [CVE-2024-26926]
+[2024: "CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android"](https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2024/CVE-2024-44068.html) [article] [CVE-2024-44068]
 [2024: "Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)"](https://blog.theori.io/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394-f40508b84c42) [article] [CVE-2024–27394]
 [2024: "ZDI-24-821: A Remote UAF in The Kernel's net/tipc" by Sam Page](https://sam4k.com/zdi-24-821-a-remote-use-after-free-in-the-kernels-net-tipc/) [article] [ZDI-24-821] [CVE-2024-36886]
@@ -1013,6 +1031,24 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ## Finding Bugs
+[2024: "Head First Reporting of Linux Kernel CVEs: Practical Use of the Kernel Fuzzer" by Yunseong Kim](https://static.sched.com/hosted_files/sosscdjapan2024/7a/Head%20First%20Reporting%20of%20Linux%20Kernel%20CVEs%20-%20sosscj24.pdf) [slides]
+[2024: "Finding Bugs in Kernel. Part 1: Crashing a Vulnerable Driver with Syzkaller" by Vyacheslav Moskvin](https://www.linkedin.com/pulse/finding-bugs-kernel-part-1-crashing-vulnerable-driver-moskvin-4vwje/) [article]
+[2024: "Lessons from the buzz" by Juan Jose Lopez Jaimez](https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf) [slides] [[video](https://www.youtube.com/watch?v=nPYvwrbFxjQ)]
+[2024: "The State of eBPF Fuzzing" by Paul Chaignon](https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Fuzzing%20eBPF.pdf) [slides] [[video](https://www.youtube.com/watch?v=Xtjpsm-cOos)]
+[2024: "CARDSHARK: Understanding and Stablizing Linux Kernel Concurrency Bugs Against the Odds"](https://www.usenix.org/system/files/usenixsecurity24-han-tianshuo.pdf) [paper]
+[2024: "LR-Miner: Static Race Detection in OS Kernels by Mining Locking Rules" by Tuo Li et. al](https://www.usenix.org/system/files/usenixsecurity24-li-tuo.pdf) [paper]
+[2024: "Detecting Kernel Memory Bugs through Inconsistent Memory Management Intention Inferences"](https://www.usenix.org/system/files/usenixsecurity24-liu-dinghao-detecting.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-liu-dinghao-detecting.pdf)]
+[2024: "MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency"](https://www.ndss-symposium.org/wp-content/uploads/2024-131-paper.pdf) [paper]
+[2024: "SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing"](https://www.cs.ucr.edu/~zhiyunq/pub/oakland24_syzgenplusplus.pdf) [paper]
 [2024: "StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing" by Bodong Zhao et. al](https://github.com/vul337/StateFuzz/blob/main/statefuzz.pdf) [paper] [[code](https://github.com/vul337/StateFuzz)]
 [2024: "BRF: eBPF Runtime Fuzzer" by Hsin-Wei Hung and Ardalan Amiri Sani](https://arxiv.org/pdf/2305.08782) [paper]
@@ -1296,6 +1332,34 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
+[2024: "Diving into the kernel mitigations" by Breno Leitao](https://www.youtube.com/watch?v=srPeMl9FZI8) [video]
+[2024: "Security Features status update" by Kees Cook](https://lpc.events/event/18/contributions/1920/attachments/1547/3228/Security%20Features%20status%20update.pdf) [slides] [[video](https://www.youtube.com/watch?v=68PZz_9cPms)]
+[2024: "Restricting Unprivileged User Namespaces In Ubuntu" by John Johansen and Maxime Belair](https://static.sched.com/hosted_files/lsseu2024/ed/Restricting%20Unprivileged%20User%20Namespaces%20In%20Ubuntu.pdf) [slides] [[video](https://www.youtube.com/watch?v=GcVjng8WVeg)]
+[2024: "Enhancing spatial safety: fixing thousands of -Wflex-array-member-not-at-end warnings" by Gustavo A. R. Silva](https://lpc.events/event/18/contributions/1722/attachments/1591/3303/Wfamnae_lpceu2024.pdf) [slides] [[video](https://www.youtube.com/watch?v=k4wX5OgbhAQ)]
+[2024: "Challenges and Innovations Towards Spatial Safety in the Linux Kernel" by Gustavo A. R. Silva](https://embeddedor.com/slides/2024/lceu/lceu2024.pdf) [slides]
+[2024: "Agni: Fast Formal Verification of the Verifier's Range Analysis" by Paul Chaignon](https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Agni.pdf) [slides] [[video](https://www.youtube.com/watch?v=3qH77qCl3SQ)]
+[2024: "Lazy Abstraction Refinement with Proof" by Hao Sun and Zhendong Su](https://lpc.events/event/18/contributions/1939/attachments/1593/3305/LPC%20'24%20(Hao%20Sun).pdf) [[video](https://www.youtube.com/watch?v=Lz-efC4KAl0)]
+[2024: "Improving eBPF Complexity with a Hardware-backed Isolation Environment" by Zhe Wang](https://lpc.events/event/18/contributions/1947/attachments/1452/3087/Zhe%20Wang.pdf) [[video](https://www.youtube.com/watch?v=TGpteJoDog8)]
+[2024: "Towards Safe Kernel Extensibility With eBPF" by Soo Yee Lim](https://s00y33.github.io/publication/safebpf/safebpf.pdf) [paper] [[slides](https://s00y33.github.io/event/ebpf-summit/slides.pdf)] [[video](https://www.youtube.com/live/PQNDsdP27Hw?t=15042s)]
+[2024: "Stop! Sandboxing Exploitable Functions and Modules Using In-Kernel Machine Learning"](https://i.blackhat.com/BH-US-24/Presentations/US24-Dai-Stop-Sandboxing-Exploitable-Functions-and-Modules-Using-In-Kernel-Machine-Learning-Thursday.pdf) [slides]
+[2024: "ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels"](https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf) [paper]
+[2024: "SeaK: Rethinking the Design of a Secure Allocator for OS Kernel"](https://www.usenix.org/system/files/usenixsecurity24-wang-zicheng.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-wang-zicheng.pdf)] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-wang-zicheng.pdf)]
+[2024: "MOAT: Towards Safe BPF Kernel Extension"](https://www.usenix.org/system/files/usenixsecurity24-lu-hongyi.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-lu-hongyi.pdf)] [[artifact](https://www.usenix.org/system/files/usenixsecurity24-appendix-lu-hongyi.pdf)]
+[2024: "SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching"](https://www.usenix.org/system/files/usenixsecurity24-duta.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-duta.pdf)] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-duta.pdf)]
 [2024: "Reducing Maintenance Burden by Bending C" by Mathias Krause](https://grsecurity.net/reducing_maintenance_burden_by_bending_c) [article]
 [2024: "BeeBox: Hardening BPF against Transient Execution Attacks" by Di Jin, Alexander J. Gaidis, and Vasileios P. Kemerlis](https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf) [paper] [[code](https://gitlab.com/brown-ssl/beebox)]
@@ -1950,7 +2014,13 @@ https://github.com/0xor0ne/awesome-list/
 ## Misc
-[2024: "Love and hate - The cyber tale between fuzzer and exploits in Linux kernel" by Zou Xiaochen](https://www.youtube.com/watch?v=cDcMlMH-XjU) [video]
+[2024: "More Bang for Your Bug!" by Eduardo Vela and Space Meyer](https://docs.google.com/presentation/d/163DiKhThCTEb4Udv9FWfBQOiDtOXQHiCZ61pE-srBOw/present) [slides] [[video](https://www.youtube.com/watch?v=S0Wzy0Knw0M)]
+[2024: "Linux Kernel CVEs, What Has Caused So Many to Suddenly Show Up?" by Greg Kroah-Hartman](https://git.sr.ht/~gregkh/presentation-security/blob/main/security-stuff.pdf) [slides] [[video](https://www.youtube.com/watch?v=Rg_VPMT0XXw)]
+[2024: "Reverse Engineering a Kernel Driver chall: S01 E01"](https://www.youtube.com/watch?v=Ar4dZNL9rHE) [video] [[E02](https://www.youtube.com/watch?v=e7ydGxJ5fTQ)]
+[2024: "Love and hate - The cyber tale between fuzzer and exploits in Linux kernel" by Zou Xiaochen](https://www.youtube.com/watch?v=cDcMlMH-XjU) [video] [[slides](https://github.com/star-sg/OBO/blob/main/2024/Day%202/Love%20and%20hate%20-%20The%20cyber%20tale%20between%20fuzzer%20and%20exploits%20in%20Linux%20kernel.pptx)]
 [2024: "Reflections on RANDSTRUCT in GrapheneOS" by Julien Voisin](https://dustri.org/b/reflections-on-randstruct-in-grapheneos.html) [article]
@@ -1970,7 +2040,7 @@ https://github.com/0xor0ne/awesome-list/
 [2024: "Linux is a CNA" by Greg Kroah-Hartman](http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/) [article]
-[2024: "An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem"](https://arxiv.org/pdf/2402.05212.pdf) [paper]
+[2024: "An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem"](https://arxiv.org/pdf/2402.05212.pdf) [paper] [[video](https://www.youtube.com/watch?v=nE0QcLT3Tvs)]
 [2023: "Syzbot: 7 years of continuous kernel fuzzing" by Aleksandr Nogikh](https://lpc.events/event/17/contributions/1521/attachments/1272/2698/LPC'23_%20Syzbot_%207%20years%20of%20continuous%20kernel%20fuzzing.pdf) [slides] [[video](https://www.youtube.com/watch?v=sDMNEBoTtrI)]
@@ -2055,3 +2125,5 @@ https://github.com/hardenedvault/ved-ebpf
 https://github.com/thebabush/linux-russian-roulette
 https://kspp.github.io/
+https://github.com/androidoffsec/libdevbinder
author	Andrey Konovalov	2024-11-01 17:13:47 +0100
committer	Andrey Konovalov	2024-11-01 17:13:47 +0100
commit	5dc72e61f867c3cf89ee7f46e7f6fa98333558d2 (patch)
tree	e112c70092768cea4d229aa4861765fb07d5aae5 /README.md
parent	e7d2b27ca647c3e0bafe934cb37291257a091063 (diff)

diff --git a/README.md b/README.md index f190c78..d58570c 100644 --- a/README.md +++ b/README.md
@@ -52,6 +52,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
52		52
53	### Exploitation	53	### Exploitation
54		54
		55	[2024: "SLUB Internals for Exploit Developers" by Andrey Konovalov](https://static.sched.com/hosted_files/lsseu2024/37/2024%2C%20LSS%20EU_%20SLUB%20Internals%20for%20Exploit%20Developers.pdf) [slides] [[video](https://www.youtube.com/watch?v=XulsBDV4n3w)]
		56
		57	[2024: "SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation"](https://www.usenix.org/system/files/usenixsecurity24-avllazagaj.pdf) [paper]
		58
55	[2024: "PageJack: A Powerful Exploit Technique With Page-Level UAF" by Zhiyun Qian et. al](https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf) [slides] [[code](https://github.com/Lotuhu/Page-UAF)] [[summary](https://phrack.org/issues/71/13.html#article)]	59	[2024: "PageJack: A Powerful Exploit Technique With Page-Level UAF" by Zhiyun Qian et. al](https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf) [slides] [[code](https://github.com/Lotuhu/Page-UAF)] [[summary](https://phrack.org/issues/71/13.html#article)]
56		60
57	[2024: "SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel" by Lukas Maar et. al](https://stefangast.eu/papers/slubstick.pdf) [paper]	61	[2024: "SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel" by Lukas Maar et. al](https://stefangast.eu/papers/slubstick.pdf) [paper]
@@ -281,6 +285,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
281		285
282	### Protection Bypasses	286	### Protection Bypasses
283		287
		288	[2024: "SELinux bypasses"](https://klecko.github.io/posts/selinux-bypasses/) [article]
		289
		290	[2024: "Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels" by Lukas Maar et. al](https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf) [paper] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-maar-defects.pdf)]
		291
284	[2024: "Leaking Host KASLR from Guest VMs Using Tagged TLB" by Reno Robert](https://pagedout.institute/download/PagedOut_004_beta1.pdf#page=58) [article]	292	[2024: "Leaking Host KASLR from Guest VMs Using Tagged TLB" by Reno Robert](https://pagedout.institute/download/PagedOut_004_beta1.pdf#page=58) [article]
285		293
286	[2024: "TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution" by Juhee Kim et al.](https://arxiv.org/pdf/2406.08719) [paper] [[code](https://github.com/compsec-snu/tiktag)]	294	[2024: "TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution" by Juhee Kim et al.](https://arxiv.org/pdf/2406.08719) [paper] [[code](https://github.com/compsec-snu/tiktag)]
@@ -416,11 +424,17 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
416		424
417	### LPE	425	### LPE
418		426
		427	[2024: "Unleashing a 0day: Pivoting Capabilities and Conquering the Linux Kernel" by Pedro Pinto](https://www.figma.com/deck/GyXCgKKy6rMuY7NVZtInjY/Unleadhing-a-Oday---Osec?node-id=13-225) [slides] [CVE-2024-41010]
		428
		429	[2024: "Utilizing Cross-CPU Allocation to Exploit Preempt-Disabled Linux Kernel" by Mingi Cho and Wongi Lee](https://www.hexacon.fr/slides/Cho_Lee-Utilizing_Cross-CPU_Allocation_to_Exploit_Preempt-Disabled_Linux_Kernel.pdf) [slides] [CVE-2023-31248] [CVE-2024-36978]
		430
		431	[2024: "1day vuln dev: DirtyCOW"](https://www.youtube.com/watch?v=lQOiH-43zOc) [video] [CVE-2016-5195]
		432
419	[2024: "Race conditions in Linux Kernel perf events"](https://binarygecko.com/race-conditions-in-linux-kernel-perf-events/) [[code](https://github.com/Binary-Gecko/perf_PoC)] [CVE-UNKNOWN]	433	[2024: "Race conditions in Linux Kernel perf events"](https://binarygecko.com/race-conditions-in-linux-kernel-perf-events/) [[code](https://github.com/Binary-Gecko/perf_PoC)] [CVE-UNKNOWN]
420		434
421	[2024: "CVE-2020-27786 (Race Condition + Use-After-Free)" by ii4gsp](https://ii4gsp.github.io/cve-2020-27786/) [article] [CVE-2020-27786]	435	[2024: "CVE-2020-27786 (Race Condition + Use-After-Free)" by ii4gsp](https://ii4gsp.github.io/cve-2020-27786/) [article] [CVE-2020-27786]
422		436
423	[2024: "GPUAF Using a general GPU exploit tech to attack Pixel8" by Pan Zhenpeng and Jheng Bing Jhong](https://www.youtube.com/watch?v=Mw6iCqjOV9Q) [video] [CVE-UNKNOWN]	437	[2024: "GPUAF Using a general GPU exploit tech to attack Pixel8" by Pan Zhenpeng and Jheng Bing Jhong](https://github.com/star-sg/OBO/blob/main/2024/Day%201/GPUAF%20-%20Using%20a%20general%20GPU%20exploit%20tech%20to%20attack%20Pixel8.pdf) [slides] [[video](https://www.youtube.com/watch?v=Mw6iCqjOV9Q)] [CVE-UNKNOWN]
424		438
425	[2024: "Linux Kernel taprio OOB"](https://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob/) [article] [CVE-2024-36974]	439	[2024: "Linux Kernel taprio OOB"](https://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob/) [article] [CVE-2024-36974]
426		440
@@ -928,6 +942,10 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
928		942
929	### Other	943	### Other
930		944
		945	[2024: "CVE-2024-26926 Analysis" by Maher Azzouzi](https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf) [article] [CVE-2024-26926]
		946
		947	[2024: "CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android"](https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2024/CVE-2024-44068.html) [article] [CVE-2024-44068]
		948
931	[2024: "Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)"](https://blog.theori.io/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394-f40508b84c42) [article] [CVE-2024–27394]	949	[2024: "Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)"](https://blog.theori.io/deep-dive-into-rcu-race-condition-analysis-of-tcp-ao-uaf-cve-2024-27394-f40508b84c42) [article] [CVE-2024–27394]
932		950
933	[2024: "ZDI-24-821: A Remote UAF in The Kernel's net/tipc" by Sam Page](https://sam4k.com/zdi-24-821-a-remote-use-after-free-in-the-kernels-net-tipc/) [article] [ZDI-24-821] [CVE-2024-36886]	951	[2024: "ZDI-24-821: A Remote UAF in The Kernel's net/tipc" by Sam Page](https://sam4k.com/zdi-24-821-a-remote-use-after-free-in-the-kernels-net-tipc/) [article] [ZDI-24-821] [CVE-2024-36886]
@@ -1013,6 +1031,24 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
1013		1031
1014	## Finding Bugs	1032	## Finding Bugs
1015		1033
		1034	[2024: "Head First Reporting of Linux Kernel CVEs: Practical Use of the Kernel Fuzzer" by Yunseong Kim](https://static.sched.com/hosted_files/sosscdjapan2024/7a/Head%20First%20Reporting%20of%20Linux%20Kernel%20CVEs%20-%20sosscj24.pdf) [slides]
		1035
		1036	[2024: "Finding Bugs in Kernel. Part 1: Crashing a Vulnerable Driver with Syzkaller" by Vyacheslav Moskvin](https://www.linkedin.com/pulse/finding-bugs-kernel-part-1-crashing-vulnerable-driver-moskvin-4vwje/) [article]
		1037
		1038	[2024: "Lessons from the buzz" by Juan Jose Lopez Jaimez](https://lpc.events/event/18/contributions/1946/attachments/1473/3119/Lessons%20from%20the%20buzz%20-%20LPC.pdf) [slides] [[video](https://www.youtube.com/watch?v=nPYvwrbFxjQ)]
		1039
		1040	[2024: "The State of eBPF Fuzzing" by Paul Chaignon](https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Fuzzing%20eBPF.pdf) [slides] [[video](https://www.youtube.com/watch?v=Xtjpsm-cOos)]
		1041
		1042	[2024: "CARDSHARK: Understanding and Stablizing Linux Kernel Concurrency Bugs Against the Odds"](https://www.usenix.org/system/files/usenixsecurity24-han-tianshuo.pdf) [paper]
		1043
		1044	[2024: "LR-Miner: Static Race Detection in OS Kernels by Mining Locking Rules" by Tuo Li et. al](https://www.usenix.org/system/files/usenixsecurity24-li-tuo.pdf) [paper]
		1045
		1046	[2024: "Detecting Kernel Memory Bugs through Inconsistent Memory Management Intention Inferences"](https://www.usenix.org/system/files/usenixsecurity24-liu-dinghao-detecting.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-liu-dinghao-detecting.pdf)]
		1047
		1048	[2024: "MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency"](https://www.ndss-symposium.org/wp-content/uploads/2024-131-paper.pdf) [paper]
		1049
		1050	[2024: "SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing"](https://www.cs.ucr.edu/~zhiyunq/pub/oakland24_syzgenplusplus.pdf) [paper]
		1051
1016	[2024: "StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing" by Bodong Zhao et. al](https://github.com/vul337/StateFuzz/blob/main/statefuzz.pdf) [paper] [[code](https://github.com/vul337/StateFuzz)]	1052	[2024: "StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing" by Bodong Zhao et. al](https://github.com/vul337/StateFuzz/blob/main/statefuzz.pdf) [paper] [[code](https://github.com/vul337/StateFuzz)]
1017		1053
1018	[2024: "BRF: eBPF Runtime Fuzzer" by Hsin-Wei Hung and Ardalan Amiri Sani](https://arxiv.org/pdf/2305.08782) [paper]	1054	[2024: "BRF: eBPF Runtime Fuzzer" by Hsin-Wei Hung and Ardalan Amiri Sani](https://arxiv.org/pdf/2305.08782) [paper]
@@ -1296,6 +1332,34 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
1296		1332
1297	["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)	1333	["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
1298		1334
		1335	[2024: "Diving into the kernel mitigations" by Breno Leitao](https://www.youtube.com/watch?v=srPeMl9FZI8) [video]
		1336
		1337	[2024: "Security Features status update" by Kees Cook](https://lpc.events/event/18/contributions/1920/attachments/1547/3228/Security%20Features%20status%20update.pdf) [slides] [[video](https://www.youtube.com/watch?v=68PZz_9cPms)]
		1338
		1339	[2024: "Restricting Unprivileged User Namespaces In Ubuntu" by John Johansen and Maxime Belair](https://static.sched.com/hosted_files/lsseu2024/ed/Restricting%20Unprivileged%20User%20Namespaces%20In%20Ubuntu.pdf) [slides] [[video](https://www.youtube.com/watch?v=GcVjng8WVeg)]
		1340
		1341	[2024: "Enhancing spatial safety: fixing thousands of -Wflex-array-member-not-at-end warnings" by Gustavo A. R. Silva](https://lpc.events/event/18/contributions/1722/attachments/1591/3303/Wfamnae_lpceu2024.pdf) [slides] [[video](https://www.youtube.com/watch?v=k4wX5OgbhAQ)]
		1342
		1343	[2024: "Challenges and Innovations Towards Spatial Safety in the Linux Kernel" by Gustavo A. R. Silva](https://embeddedor.com/slides/2024/lceu/lceu2024.pdf) [slides]
		1344
		1345	[2024: "Agni: Fast Formal Verification of the Verifier's Range Analysis" by Paul Chaignon](https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Agni.pdf) [slides] [[video](https://www.youtube.com/watch?v=3qH77qCl3SQ)]
		1346
		1347	[2024: "Lazy Abstraction Refinement with Proof" by Hao Sun and Zhendong Su](https://lpc.events/event/18/contributions/1939/attachments/1593/3305/LPC%20'24%20(Hao%20Sun).pdf) [[video](https://www.youtube.com/watch?v=Lz-efC4KAl0)]
		1348
		1349	[2024: "Improving eBPF Complexity with a Hardware-backed Isolation Environment" by Zhe Wang](https://lpc.events/event/18/contributions/1947/attachments/1452/3087/Zhe%20Wang.pdf) [[video](https://www.youtube.com/watch?v=TGpteJoDog8)]
		1350
		1351	[2024: "Towards Safe Kernel Extensibility With eBPF" by Soo Yee Lim](https://s00y33.github.io/publication/safebpf/safebpf.pdf) [paper] [[slides](https://s00y33.github.io/event/ebpf-summit/slides.pdf)] [[video](https://www.youtube.com/live/PQNDsdP27Hw?t=15042s)]
		1352
		1353	[2024: "Stop! Sandboxing Exploitable Functions and Modules Using In-Kernel Machine Learning"](https://i.blackhat.com/BH-US-24/Presentations/US24-Dai-Stop-Sandboxing-Exploitable-Functions-and-Modules-Using-In-Kernel-Machine-Learning-Thursday.pdf) [slides]
		1354
		1355	[2024: "ISLAB: Immutable Memory Management Metadata for Commodity Operating System Kernels"](https://cs.brown.edu/~vpk/papers/islab.asiaccs24.pdf) [paper]
		1356
		1357	[2024: "SeaK: Rethinking the Design of a Secure Allocator for OS Kernel"](https://www.usenix.org/system/files/usenixsecurity24-wang-zicheng.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-wang-zicheng.pdf)] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-wang-zicheng.pdf)]
		1358
		1359	[2024: "MOAT: Towards Safe BPF Kernel Extension"](https://www.usenix.org/system/files/usenixsecurity24-lu-hongyi.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-lu-hongyi.pdf)] [[artifact](https://www.usenix.org/system/files/usenixsecurity24-appendix-lu-hongyi.pdf)]
		1360
		1361	[2024: "SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching"](https://www.usenix.org/system/files/usenixsecurity24-duta.pdf) [paper] [[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-duta.pdf)] [[artifacts](https://www.usenix.org/system/files/usenixsecurity24-appendix-duta.pdf)]
		1362
1299	[2024: "Reducing Maintenance Burden by Bending C" by Mathias Krause](https://grsecurity.net/reducing_maintenance_burden_by_bending_c) [article]	1363	[2024: "Reducing Maintenance Burden by Bending C" by Mathias Krause](https://grsecurity.net/reducing_maintenance_burden_by_bending_c) [article]
1300		1364
1301	[2024: "BeeBox: Hardening BPF against Transient Execution Attacks" by Di Jin, Alexander J. Gaidis, and Vasileios P. Kemerlis](https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf) [paper] [[code](https://gitlab.com/brown-ssl/beebox)]	1365	[2024: "BeeBox: Hardening BPF against Transient Execution Attacks" by Di Jin, Alexander J. Gaidis, and Vasileios P. Kemerlis](https://cs.brown.edu/~vpk/papers/beebox.sec24.pdf) [paper] [[code](https://gitlab.com/brown-ssl/beebox)]
@@ -1950,7 +2014,13 @@ https://github.com/0xor0ne/awesome-list/
1950		2014
1951	## Misc	2015	## Misc
1952		2016
1953	[2024: "Love and hate - The cyber tale between fuzzer and exploits in Linux kernel" by Zou Xiaochen](https://www.youtube.com/watch?v=cDcMlMH-XjU) [video]	2017	[2024: "More Bang for Your Bug!" by Eduardo Vela and Space Meyer](https://docs.google.com/presentation/d/163DiKhThCTEb4Udv9FWfBQOiDtOXQHiCZ61pE-srBOw/present) [slides] [[video](https://www.youtube.com/watch?v=S0Wzy0Knw0M)]
		2018
		2019	[2024: "Linux Kernel CVEs, What Has Caused So Many to Suddenly Show Up?" by Greg Kroah-Hartman](https://git.sr.ht/~gregkh/presentation-security/blob/main/security-stuff.pdf) [slides] [[video](https://www.youtube.com/watch?v=Rg_VPMT0XXw)]
		2020
		2021	[2024: "Reverse Engineering a Kernel Driver chall: S01 E01"](https://www.youtube.com/watch?v=Ar4dZNL9rHE) [video] [[E02](https://www.youtube.com/watch?v=e7ydGxJ5fTQ)]
		2022
		2023	[2024: "Love and hate - The cyber tale between fuzzer and exploits in Linux kernel" by Zou Xiaochen](https://www.youtube.com/watch?v=cDcMlMH-XjU) [video] [[slides](https://github.com/star-sg/OBO/blob/main/2024/Day%202/Love%20and%20hate%20-%20The%20cyber%20tale%20between%20fuzzer%20and%20exploits%20in%20Linux%20kernel.pptx)]
1954		2024
1955	[2024: "Reflections on RANDSTRUCT in GrapheneOS" by Julien Voisin](https://dustri.org/b/reflections-on-randstruct-in-grapheneos.html) [article]	2025	[2024: "Reflections on RANDSTRUCT in GrapheneOS" by Julien Voisin](https://dustri.org/b/reflections-on-randstruct-in-grapheneos.html) [article]
1956		2026
@@ -1970,7 +2040,7 @@ https://github.com/0xor0ne/awesome-list/
1970		2040
1971	[2024: "Linux is a CNA" by Greg Kroah-Hartman](http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/) [article]	2041	[2024: "Linux is a CNA" by Greg Kroah-Hartman](http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/) [article]
1972		2042
1973	[2024: "An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem"](https://arxiv.org/pdf/2402.05212.pdf) [paper]	2043	[2024: "An Investigation of Patch Porting Practices of the Linux Kernel Ecosystem"](https://arxiv.org/pdf/2402.05212.pdf) [paper] [[video](https://www.youtube.com/watch?v=nE0QcLT3Tvs)]
1974		2044
1975	[2023: "Syzbot: 7 years of continuous kernel fuzzing" by Aleksandr Nogikh](https://lpc.events/event/17/contributions/1521/attachments/1272/2698/LPC'23_%20Syzbot_%207%20years%20of%20continuous%20kernel%20fuzzing.pdf) [slides] [[video](https://www.youtube.com/watch?v=sDMNEBoTtrI)]	2045	[2023: "Syzbot: 7 years of continuous kernel fuzzing" by Aleksandr Nogikh](https://lpc.events/event/17/contributions/1521/attachments/1272/2698/LPC'23_%20Syzbot_%207%20years%20of%20continuous%20kernel%20fuzzing.pdf) [slides] [[video](https://www.youtube.com/watch?v=sDMNEBoTtrI)]
1976		2046
@@ -2055,3 +2125,5 @@ https://github.com/hardenedvault/ved-ebpf
2055	https://github.com/thebabush/linux-russian-roulette	2125	https://github.com/thebabush/linux-russian-roulette
2056		2126
2057	https://kspp.github.io/	2127	https://kspp.github.io/
		2128
		2129	https://github.com/androidoffsec/libdevbinder