1 files changed, 36 insertions, 2 deletions

diff --git a/README.md b/README.md
index 06701c9..cc84347 100644
--- a/README.md
+++ b/README.md
@@ -248,7 +248,13 @@ Pull requests are welcome.
 
 ### LPE
 
-[2021: "Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel"](https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html) [article] [CVE-2021-26708]
+[2021: "CVE-2021-20226: A Reference-Counting Bug in the Linux Kernel io_uring Subsystem" by Lucas Leong](https://www.zerodayinitiative.com/blog/2021/4/22/cve-2021-20226-a-reference-counting-bug-in-the-linux-kernel-iouring-subsystem) [article, CVE-2021-20226]
+
+[2021: "One day short of a full chain: Part 1 - Android Kernel arbitrary code execution" by Man Yue Mo](https://securitylab.github.com/research/one_day_short_of_a_fullchain_android/) [article, GHSL-2020-375]
+
+[2021: "New Old Bugs in the Linux Kernel"](https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html) [article, CVE-2021-27365, CVE-2021-27363, CVE-2021-27364]
+
+[2021: "Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel"](https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html) [article] [[slides](https://a13xp0p0v.github.io/img/CVE-2021-26708.pdf)] [CVE-2021-26708]
 
 [2021: "The curious case of CVE-2020-14381"](https://blog.frizn.fr/linux-kernel/cve-2020-14381) [article] [CVE-2020-14381]
 
@@ -322,6 +328,8 @@ Pull requests are welcome.
 
 [2019: "Linux kernel 4.20 BPF integer overflow vulnerability analysis"](http://p4nda.top/2019/01/02/kernel-bpf-overflow/) [article]
 
+[2019: "Attacking DRM subsystem to gain kernel privilege on Chromebooks" by Di Shen](https://speakerdeck.com/retme7/attacking-drm-subsystem-to-gain-kernel-privilege-on-chromebooks) [slides, CVE-2019-16508] [[video](https://www.youtube.com/watch?v=lBgtZvIxEwA)]
+
 [2018: "Linux kernel 4.20 BPF integer overflow-heap overflow vulnerability and its exploitation"](https://www.anquanke.com/post/id/166819) [article]
 
 [2018: "CVE-2017-11176: A step-by-step Linux Kernel exploitation](https://blog.lexfo.fr/) [article] [CVE-2017-11176]
@@ -481,7 +489,7 @@ Pull requests are welcome.
 
 ### RCE
 
-2020: BleedingTooth vulnarabilities by Andy Nguyen: [BadChoice](https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq), [BadKarma](https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq), [BadVibes](https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649) [article] [CVE-2020-12352, CVE-2020-12351, CVE-2020-24490]
+[2021: "BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution" by Andy Nguyen](https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup): [BadChoice](https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq), [BadKarma](https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq), [BadVibes](https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649) [article] [CVE-2020-12352, CVE-2020-12351, CVE-2020-24490]
 
 [2017: "Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)" by Gal Beniamini](https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html) [article] [CVE-2017-0569]
 
@@ -496,6 +504,8 @@ Pull requests are welcome.
 
 ### Other
 
+[2021: "A foray into Linux kernel exploitation on Android" by Ayaz Mammadov](https://mcyoloswagham.github.io/linux/) [article]
+
 [2021: "ZDI-20-1440: An Incorrect Calculation Bug in the Linux Kernel eBPF Verifier" by Lucas Leong](https://www.zerodayinitiative.com/blog/2021/1/18/zdi-20-1440-an-incorrect-calculation-bug-in-the-linux-kernel-ebpf-verifier) [article]
 
 [2020: "CVE-2020-16119"](https://github.com/HadarManor/Public-Vulnerabilities/blob/master/CVE-2020-16119/CVE-2020-16119.md) [article] [CVE-2020-16119]
@@ -525,6 +535,12 @@ Pull requests are welcome.
 
 ## Finding Bugs
 
+[2021: "Detecting Kernel Memory Leaks in Specialized Modules with Ownership Reasoning"](https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/k-meld.pdf) [paper]
+
+[2021: "Understanding and Detecting Disordered Error Handling with Precise Function Pairing"](https://www.usenix.org/system/files/sec21summer_wu-qiushi.pdf) [paper]
+
+[2021: "KFENCE - Detecting memory bugs in production kernels"](https://thomasw.dev/post/kfence/) [article]
+
 [2021: "Fuzzing the Linux Kernel" by Andrey Konovalov](https://linuxfoundation.org/wp-content/uploads/2021-Linux-Foundation-Mentorship-Series_-Fuzzing-the-Linux-Kernel.pdf) [slides] [[video](https://www.youtube.com/watch?v=4IBWj21tg-c)]
 
 [2021: "Dynamic program analysis for fun and profit" by Dmitry Vyukov](https://linuxfoundation.org/wp-content/uploads/Dynamic-program-analysis_-LF-Mentorship.pdf) [slides] [[video](https://www.youtube.com/watch?v=ufcyOkgFZ2Q)]
@@ -571,6 +587,12 @@ Pull requests are welcome.
 
 [2020: "Analyzing the Linux Kernel in Userland with AFL and KLEE"](https://blog.grimm-co.com/post/analyzing-the-linux-kernel-in-userland-with-afl-and-klee/) [article]
 
+[2020: "Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison"](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24419-paper.pdf) [paper] [[slides](https://www.ndss-symposium.org/wp-content/uploads/24419-slides.pdf)] [[video](https://www.youtube.com/watch?v=fpkXkvwKbZw)]
+
+[2020: "Finding Race Conditions in Kernels: from Fuzzing to Symbolic Execution" by Meng Xu](https://gts3.org/assets/papers/2020/xu:thesis.pdf) [thesis]
+
+[2020: "A Hybrid Interface Recovery Method for Android Kernels Fuzzing"](https://qrs20.techconf.org/QRS2020_FULL/pdfs/QRS2020-4LGdOos7NAbR8M2s6S6ezE/891300a335/891300a335.pdf) [paper]
+
 [2019: "perf fuzzer: Exposing Kernel Bugs by Detailed Fuzzing of a Specific System Call (2019 Update)" by Vincent M. Weaver and Dave Jones](http://web.eece.maine.edu/~vweaver/projects/perf_events/fuzzer/2019_perf_fuzzer_tr.pdf) [paper]
 
 [2019: "Industry Practice of Coverage-Guided Enterprise Linux Kernel Fuzzing"](http://wingtecher.com/themes/WingTecherResearch/assets/papers/fse19-linux-kernel.pdf) [paper]
@@ -591,6 +613,10 @@ Pull requests are welcome.
 
 [2019: "Hourglass Fuzz: A Quick Bug Hunting Method"](https://conference.hitb.org/hitbsecconf2019ams/materials/D1T2%20-%20Hourglass%20Fuzz%20-%20A%20Quick%20Bug%20Hunting%20Method%20-%20Moony%20Li,%20Todd%20Han,%20Lance%20Jiang%20&%20Lilang%20Wu.pdf) [slides]
 
+[2019: "Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences"](https://www.usenix.org/system/files/sec19-lu.pdf) [paper] [[slides](https://www.usenix.org/sites/default/files/conference/protected-files/sec19_slides_lu.pdf)]
+
+[2019: "Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs"](https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/cheq.pdf) [paper]
+
 [2018: "FastSyzkaller: Improving Fuzz Efficiency for Linux Kernel Fuzzing"](https://iopscience.iop.org/article/10.1088/1742-6596/1176/2/022013/pdf) [paper]
 
 [2018: "Writing the worlds worst Android fuzzer, and then improving it" by Brandon Falk](https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html) [article]
@@ -656,6 +682,8 @@ Pull requests are welcome.
 
 [2021: "security things in Linux vX.X" by Kees Cook](https://outflux.net/blog/archives/2021/02/08/security-things-in-linux-v5-8/) [articles]
 
+[2021: "Undo Workarounds for Kernel Bugs"](https://www.usenix.org/system/files/sec21fall-talebi.pdf) [paper]
+
 [2020: "Kernel Integrity Enforcement with HLAT In a Virtual Machine" by Chao Gao](https://static.sched.com/hosted_files/osseu2020/ce/LSSEU20_kernel%20integrity%20enforcement%20with%20HLAT%20in%20a%20virtual%20machine_v3.pdf) [slides] [[video](https://www.youtube.com/watch?v=N8avvE_neV0)]
 
 [2020: "Linux kernel heap quarantine versus use-after-free exploits" by Alexander Popov](https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html) [article]
@@ -672,6 +700,8 @@ Pull requests are welcome.
 
 [2020: "Control Flow Integrity in the Linux Kernel" by Kees Cook at linux.conf.au](https://outflux.net/slides/2020/lca/cfi.pdf) [slides] [[video](https://www.youtube.com/watch?v=0Bj6W7qrOOI)]
 
+[2020: "Identification of Kernel Memory Corruption Using Kernel Memory Secret Observation Mechanism"](https://www.jstage.jst.go.jp/article/transinf/E103.D/7/E103.D_2019ICP0011/_pdf/-char/en) [paper]
+
 [2019: "Camouflage: Hardware-assisted CFI for the ARM Linux kernel"](https://arxiv.org/pdf/1912.04145v1.pdf) [paper]
 
 [2019: "A New Proposal for Protecting Kernel Data Memory" by Igor Stoppa at Linux Security Summit EU](https://www.youtube.com/watch?v=nPH2sQAD6RY) [video]
@@ -1029,6 +1059,8 @@ https://github.com/crowell/old_blog/blob/source/source/_posts/2014-11-24-hosting
 
 ## Misc
 
+[2021: "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commit"](https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf) [paper]
+
 [2020: "Android / Linux SLUB aliasing for general- and special-purpose caches" by Vitaly Nikolenko](https://www.youtube.com/watch?v=5-eRsA0l8Pg) [video]
 
 https://github.com/hackedteam
@@ -1044,3 +1076,5 @@ https://www.youtube.com/c/dayzerosec/videos
 https://github.com/milabs/lkrg-bypass
 
 https://github.com/V4bel/kernel-exploit-technique
+
+https://github.com/mudongliang/reproduce_kernel_bugs