1 files changed, 77 insertions, 3 deletions

diff --git a/README.md b/README.md
index c428c78..6d4d593 100644
--- a/README.md
+++ b/README.md
@@ -160,7 +160,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2022: "Reviving Exploits Against Cred Structs - Six Byte Cross Cache Overflow to Leakless Data-Oriented Kernel Pwnage"](https://www.willsroot.io/2022/08/reviving-exploits-against-cred-struct.html) [article]
 
-[2022: "USMA: Share Kernel Code With Me" by Yong Liu, Jun Yao, and Xiaodong Wang](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-YongLiu-USMA-Share-Kernel-Code.pdf) [slides] [[paper](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-YongLiu-USMA-Share-Kernel-Code-wp.pdf)] [[article](https://vul.360.net/archives/391?continueFlag=2065c4d6bed3a8e7a80c495d7066e013)]
+[2022: "USMA: Share Kernel Code With Me" by Yong Liu, Jun Yao, and Xiaodong Wang](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-YongLiu-USMA-Share-Kernel-Code.pdf) [slides] [[video](https://www.youtube.com/watch?v=JpPWp-LjmZU)] [[paper](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-YongLiu-USMA-Share-Kernel-Code-wp.pdf)] [[article](https://vul.360.net/archives/391?continueFlag=2065c4d6bed3a8e7a80c495d7066e013)]
 
 [2022: "Linux kernel heap feng shui in 2022" by Michael S and Vitaly Nikolenko](https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022) [article]
 
@@ -311,6 +311,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Protection Bypasses
 
+[2025: "Defeating KASLR by Doing Nothing at All" by Seth Jenkins](https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html) [article]
+
 [2025: "The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction" by Pumpkin Chang](https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html) [article]
 
 [2025: "Exploring Kernel Address Leakage via WARN()" by Pumpkin Chang](https://u1f383.github.io/linux/2025/06/14/exploring-kernel-address-leakage-via-WARN.html) [article]
@@ -472,6 +474,22 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### LPE
 
+[2025: "Exploiting CVE-2025-21479 on a Samsung S23" by XploitBengineer](https://xploitbengineer.github.io/CVE-2025-21479) [article] [CVE-2025-21479]
+
+[2025: "LPE via refcount imbalance in the af_unix of Ubuntu's Kernel" by kylebot](https://ssd-disclosure.com/lpe-via-refcount-imbalance-in-the-af_unix-of-ubuntus-kernel/) [article] [CVE-UNKNOWN]
+
+[2025: "Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE" by Pan Zhenpeng & Jheng Bing Jhong](https://hitcon.org/2025/slides/b7635c13-282e-4673-8297-43ed3550b3d3.pdf) [slides] [[video](https://www.youtube.com/watch?v=_iSwTuBIZQ8)]
+
+[2025: "DirtyPipe-CVE-2022-0847" by Abdul Qadir](https://0xnull007.github.io/posts/dirtypipe-cve-2022-0847) [article] [CVE-2022-0847]
+
+[2025: "Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers" by Robin Bastide](https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html) [article] [CVE-2025-23280] [CVE-2025-23330]
+
+[2025: "ksmbd - Exploiting CVE-2025-37947" by Norbert Szetei](https://blog.doyensec.com/2025/10/08/ksmbd-3.html) [article] [CVE-2025-37947] [[exploit](https://github.com/doyensec/KSMBD-CVE-2025-37947)]
+
+[2025: "Analysing a 1-day Vulnerability in the Linux Kernel's TLS Subsystem" by Faith](https://faith2dxy.xyz/2025-10-02/kCTF-TLS-nday-analysis/) [article] [CVE-2025-39946] [[exploit](https://github.com/farazsth98/exploit-CVE-2025-39946)]
+
+[2025: "Analyze Linux Kernel 1-day 0aeb54ac" by Pumpkin Chang](https://u1f383.github.io/linux/2025/10/03/analyze-linux-kernel-1-day-0aeb54ac.html) [article] [CVE-2025-39946]
+
 [2025: "Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel" by Alexander Popov](https://a13xp0p0v.github.io/2025/09/02/kernel-hack-drill-and-CVE-2024-50264.html) [article] [CVE-2024-50264]
 
 [2025: "A Walk Through Android Physical Memory: CVE-2025-21479 Privilege Escalation"](https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/) [article] [[comment](https://notnow.dev/notice/AxeTvYDZPDEvRjmLpY)] [CVE-2025-21479]
@@ -496,6 +514,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "Linux Kernel Exploitation: CVE-2025-21756: Attack of the Vsock" by Michael Hoefler](https://hoefler.dev/articles/vsock.html) [article] [CVE-2025-21756]
 
+[2025: "CVE-2025-21692 nday writeup" by volticks](https://volticks.github.io/CVE-2025-21692-nday-writeup/) [article] [[exploit](https://github.com/volticks/CVE-2025-21692-poc)] [CVE-2025-21756]
+
 [2025: "Exploiting CVE-2024-0582 via the Dirty Pagetable Method" by Kuzey Arda Bulut](https://kuzey.rs/posts/Dirty_Page_Table/) [article] [CVE-2024-0582]
 
 [2025: "Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits" by Alexander Popov](https://a13xp0p0v.github.io/img/Alexander_Popov-Kernel_Hack_Drill-Zer0Con.pdf) [slides] [CVE-2024-50264]
@@ -518,7 +538,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2024: "GPUAF - Two ways of Rooting All Qualcomm based Android phones" by Pan Zhenpeng and Jheng Bing Jhong](https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf) [slides] [CVE-2024-23380] [CVE-2024-23373]
 
-[2024: "Breaking through the cage: Get Android universal root by B-PUAF" by Lu Yutao and Ling Hanqin](https://powerofcommunity.net/poc2024/Hanqin%20Ling%20&%20Yutao%20Lu,%20Breaking%20through%20the%20cage%20-%20Get%20Android%20Universal%20Root%20by%20B-PUAF.pdf) [slides] [CVE-2024-46740]
+[2024: "Breaking through the cage: Get Android universal root by B-PUAF" by Lu Yutao and Ling Hanqin](https://powerofcommunity.net/assets/v0/poc2024/Hanqin%20Ling%20&%20Yutao%20Lu,%20Breaking%20through%20the%20cage%20-%20Get%20Android%20Universal%20Root%20by%20B-PUAF.pdf) [slides] [CVE-2024-46740]
 
 [2024: "Unleashing a 0day: Pivoting Capabilities and Conquering the Linux Kernel" by Pedro Pinto](https://www.figma.com/deck/GyXCgKKy6rMuY7NVZtInjY/Unleadhing-a-Oday---Osec?node-id=13-225) [slides] [[video](https://www.youtube.com/watch?v=bxJhlwGjwWQ)] [CVE-2024-41010]
 
@@ -526,7 +546,7 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2024: "1day vuln dev: DirtyCOW"](https://www.youtube.com/watch?v=lQOiH-43zOc) [video] [CVE-2016-5195]
 
-[2024: "Race conditions in Linux Kernel perf events"](https://binarygecko.com/race-conditions-in-linux-kernel-perf-events/) [[code](https://github.com/Binary-Gecko/perf_PoC)] [CVE-UNKNOWN]
+[2024: "Race conditions in Linux Kernel perf events"](https://binarygecko.com/blog/race-conditions-in-linux-kernel-perf-events/) [[code](https://github.com/Binary-Gecko/perf_PoC)] [CVE-UNKNOWN]
 
 [2024: "CVE-2020-27786 (Race Condition + Use-After-Free)" by ii4gsp](https://ii4gsp.github.io/cve-2020-27786/) [article] [CVE-2020-27786]
 
@@ -580,6 +600,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2024: "CVE-2023-5178: exploiting Linux kernel NVMe-oF-TCP driver on Ubuntu 23.10" by rockrid3r](https://rockrid3r.github.io/2024/02/07/CVE-2023-5178.html) [article] [CVE-2023-5178] [[exploit](https://github.com/rockrid3r/CVE-2023-5178)]
 
+[2023: "Exploiting null-derefs" by Seth Jenkins](https://powerofcommunity.net/assets/v0/poc2023/SethJenkins.pdf) [slides] [CVE-UNKNOWN]
+
 [2023: "Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)" by Nassim Asrir](https://github.com/Nassim-Asrir/ZDI-24-020/) [CVE-2023-6546]
 
 [2023: "Conquering the memory through io_uring - Analysis of CVE-2023-2598"](https://anatomic.rip/cve-2023-2598/) [article] [[exploit](https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598)] [CVE-2023-2598]
@@ -632,6 +654,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2023: "Pwning the all Google phone with a non-Google bug"](https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/) [article] [CVE-2022-38181]
 
+[2023: "CVE-2023-0386 analysis and exploitation" by chenaotian](https://github.com/chenaotian/CVE-2023-0386) [article] [CVE-2023-0386]
+
 [2022: "Linux kernel io_uring module pbuf_ring vulnerability and privilege escalation 0day"](https://dawnslab.jd.com/linux-5.19-rc2_pbuf_ring_0day/) [article [CVE-UNKNOWN]
 
 [2022: "CVE-2022-1015: A validation flaw in Netfilter leading to Local Privilege Escalation" by Yordan Stoychev](https://anatomic.rip/cve-2022-1015/) [article] [CVE-2022-1015]
@@ -1021,6 +1045,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### RCE
 
+[2025: "Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days" by William Liu](https://www.willsroot.io/2025/09/ksmbd-0-click.html) [article] [CVE-2023-52440] [CVE-2023-4130]
+
 [2024: "Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap" by Robert Herrera and Alex Plaskett](https://www.nccgroup.com/media/uzbp3ttw/bhus24_sonos_whitepaper.pdf) [article] [[slides](https://i.blackhat.com/BH-US-24/Presentations/US-24-Herrera-Listen-Up-Sonos-Over-The-Air-Exploitation-and-Covert-Wiretap-Thursday.pdf)] [[video](https://www.youtube.com/watch?v=piw0CZ46-Q0)] [CVE-2023-50809] [CVE-2024-20018]
 
 [2023: "Abusing Linux In-Kernel SMB Server to Gain Kernel Remote Code Execution" by Guillaume Teissier and Quentin Minster](https://www.youtube.com/watch?v=XT6jLBbzwFM) [video] [CVE-2022-47943] [CVE-2023-2593]
@@ -1044,6 +1070,14 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ### Other
 
+[2025: "Dissecting a 1-Day Vulnerability in Linux's XFRM Subsystem" by Shreyas Penkar](https://streypaws.github.io/posts/Dissecting-a-1-Day-Vulnerability-in-Linux-XFRM-Subsystem/) [article] [CVE-2025-39965] [[trigger](https://github.com/Shreyas-Penkar/CVE-2025-39965)]
+
+[2025: "A Quick Note on CVE-2025-38617" by Pumpkin Chang](https://u1f383.github.io/linux/2025/08/27/a-quick-note-on-CVE-2025-38617.html) [article] [CVE-2025-38617]
+
+[2025: "Fast & Faulty - A Use After Free in KGSL Fault Handling" by Shreyas Penkar](https://streypaws.github.io/posts/Fast-and-Faulty-A-Use-After-Free-in-KGSL-Fault-Handling/) [article] [CVE-2024-38399]
+
+[2025: "Race Against Time in the Kernel’s Clockwork" by Shreyas Penkar](https://streypaws.github.io/posts/Race-Against-Time-in-the-Kernel-Clockwork/) [article] [CVE-2025-38352]
+
 [2025: "Analysis of CVE-2025-37756, an UAF Vulnerability in Linux KTLS" by Pumpkin Chang](https://u1f383.github.io/linux/2025/09/03/analysis-of-CVE-2025-37756-an-uaf-vulnerability-in-linux-ktls.html) [article] [CVE-2025-37756] 
 
 [2025: "ZDI-25-310: Remote NULL Deref in Linux KSMBD" by Slava Moskvin](https://slavamoskvin.com/zdi-25-310-remote-null-deref-in-linux-ksmbd/) [article] [CVE-2025–22037]
@@ -1195,6 +1229,14 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ## Finding Bugs
 
+[2025: "KNighter: Transforming Static Analysis with LLM-Synthesized Checkers"](https://arxiv.org/pdf/2503.09002) [paper] [[code](https://github.com/ise-uiuc/KNighter)]
+
+[2025: "SyzSpec: Specification Generation for Linux Kernel Fuzzing via Under-Constrained Symbolic Execution"](https://www.cs.ucr.edu/~zhiyunq/pub/ccs25_syzspec.pdf) [paper]
+
+[2025: "Lucid Dreams I: Lucid's First Time Fuzzing" by h0mbre](https://h0mbre.github.io/Lucid_Dreams_1/) [article] [[part 2](https://h0mbre.github.io/Lucid_Dreams_2/)]
+
+[2025: "A Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched Fuzzing" by William Liu](https://www.willsroot.io/2025/09/syz-summer-2025.html) [article]
+
 [2025: "MCP AI agents for the Linux kernel development" by Sabyrzhan Tasbolatov](https://docs.google.com/presentation/d/e/2PACX-1vRb56kZ4L81aixA416A7SWYr7zSK694RxM5L57hAV1g6IPEiYv9Y8ciQtLYkrEujoUxkp3jEtbT0NVW/pub?start=false&loop=false&delayms=3000&slide=id.p) [slides] [[code](https://github.com/novitoll/mcp-linux-kernel)]
 
 [2025: "Bypassing Kernel Barriers: Fuzzing Linux Kernel in Userspace with LKL" by Eugene Rodionov and Xuan Xing](https://static.sched.com/hosted_files/lssna2025/01/Bypass%20Kernel%20Barriers_%20Fuzzing%20Linux%20Kernel%20in%20Userspace%20with%20LKL.pdf) [slides] [[video](https://www.youtube.com/watch?v=Wxmi-2ROYNk)] [[code](https://github.com/lkl/linux/tree/master/tools/lkl/fuzzers)]
@@ -1223,6 +1265,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2025: "Uncovering New Classes of Kernel Vulnerabilities" by Jakob Koschel](https://research.vu.nl/ws/portalfiles/portal/380101013/thesis%20-%20674c5b8426eb2.pdf) [thesis]
 
+[2024: "Head First Reporting of Linux Kernel CVEs: Practical Use of the Kernel Fuzzer" by Yunseong Kim](https://static.sched.com/hosted_files/sosscdjapan2024/7a/Head%20First%20Reporting%20of%20Linux%20Kernel%20CVEs%20-%20sosscj24.pdf) [slides]
+
 [2024: "CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel" by Shuangpeng Bai et al.](https://huhong789.github.io/papers/bai:countdown.pdf) [paper]
 
 [2024: "Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit?" by Slava Moskvin](https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/) [article]
@@ -1536,6 +1580,16 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map)
 
+[2025: "Enhancing FineIBT" by Jake Edge](https://lwn.net/Articles/1039633/) [article]
+
+[2025: "Linux Kernel Runtime Guard (LKRG) 1.0" by Solar Designer](https://www.openwall.com/presentations/NullconBerlin2025-LKRG/) [slides]
+
+[2025: "Prioritizing the Linux OS Hardening and CVE Mitigation" by Baoli Zhang](https://www.youtube.com/watch?v=tzi5yyRqFZw) [video]
+
+[2025: "Kernel Hardening With Protection Keys" by Kevin Brodsky](https://www.youtube.com/watch?v=MrA2nmMgu6I) [video]
+
+[2025: "Upstream Kernel Hardening: Progress on Enabling -Wflex-array-member-not-at-end" by Gustavo A. R. Silva](https://embeddedor.com/slides/2025/osseu/osseu2025.pdf) [slides] [[video](https://www.youtube.com/watch?v=nz0GId_zsIk)]
+
 [2025: "Linux Kernel Hardening: Ten Years Deep" by Kees Cook](https://outflux.net/slides/2025/lss/kspp-decade.pdf) [slides] [[video](https://www.youtube.com/watch?v=c_NxzSRG50g)]
 
 [2025: "IUBIK: Isolating User Bytes in Commodity Operating System Kernels via Memory Tagging Extensions" by Marius Momeu et al.](https://www.computer.org/csdl/proceedings-article/sp/2025/223600a829/26hiTXrQMjS) [paper]
@@ -1680,6 +1734,8 @@ See [xairy.io/trainings/](https://xairy.io/trainings/).
 
 [2021: "Undo Workarounds for Kernel Bugs"](https://www.usenix.org/system/files/sec21fall-talebi.pdf) [paper]
 
+[2020: "Mitigating (Some) Use-after-frees in the Linux Kernel" by Jann Horn](https://static.sched.com/hosted_files/lssna2020/0b/LSSNA_2020_Jann_Horn_UAF_Mitigation.pdf) [slides]
+
 [2020: "Kernel Integrity Enforcement with HLAT In a Virtual Machine" by Chao Gao](https://static.sched.com/hosted_files/osseu2020/ce/LSSEU20_kernel%20integrity%20enforcement%20with%20HLAT%20in%20a%20virtual%20machine_v3.pdf) [slides] [[video](https://www.youtube.com/watch?v=N8avvE_neV0)]
 
 [2020: "Linux kernel heap quarantine versus use-after-free exploits" by Alexander Popov](https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html) [article]
@@ -1952,6 +2008,10 @@ https://github.com/h0mbre/Lucid
 
 https://github.com/b17fr13nds/lxfuzz [[notes](https://b17fr13nds.github.io/posts/kernel_fuzzer_lxfuzz/)]
 
+https://github.com/worthdoingbadly/hid-parser-harness
+
+https://github.com/lkl/linux/pull/564
+
 
 ### Assorted
 
@@ -2029,6 +2089,10 @@ https://github.com/google/kernel-research
 
 https://github.com/Bariskizilkaya/OphthalmosMono
 
+https://github.com/kzall0c/vock [[demo video](https://www.youtube.com/watch?v=QvWtFuQy2r8)]
+
+https://github.com/bcoles/rootkit-signal-hunter
+
 
 ## Practice
 
@@ -2057,6 +2121,14 @@ https://github.com/Bariskizilkaya/OphthalmosMono
 
 HackTheBox (knote): [writeup](https://pwning.tech/knote/)
 
+WMCTF 2025 (wm_easyker): [writeup](https://blog.xmcve.com/2025/09/22/WMCTF2025-Writeup/#title-5)
+
+STAR Labs Summer Pwnables 2025 (paradox_engine): [writeup](https://u1f383.github.io/linux/2025/09/01/starlabs-summer-pwnables-linux-kernel-challenge-writeup.html)
+
+BlackHat MEA 2025 Quals: [writeup](https://ptr-yudai.hatenablog.com/entry/2025/09/14/180326)
+
+corCTF 2025 (corphone): [writeup](https://u1f383.github.io/android/2025/09/08/corCTF-2025-corphone.html)
+
 MCTF 2025 (Sec Mem): [writeup](https://blog.itarow.xyz/posts/mctf_2025_sec_mem/)
 
 TsukuCTF 2025 (easy_kernel, xcache, new_era): [writeup](https://iwancof.github.io/about-me/writeups/TsukuCTF2025/)
@@ -2258,6 +2330,8 @@ https://github.com/0xor0ne/awesome-list/
 
 ## Misc
 
+[2025: "The anatomy of a bug: 6 Months at STAR Labs" by Gerrard Tai](https://gerrardtai.com/anatomy-of-a-bug) [article]
+
 [2025: "Qualcomm DSP Kernel Internals" by Shreyas Penkar](https://streypaws.github.io/posts/DSP-Kernel-Internals/) [article]
 
 [2025: "Debugging the Pixel 8 kernel via KGDB" by Andrey Konovalov](https://xairy.io/articles/pixel-kgdb) [article]