From 7d7653a473a26ec61f36e4d886b9c43d16371c1a Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Thu, 7 Jul 2022 16:46:30 +0200 Subject: May/June updates --- README.md | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 370fe12..953aad4 100644 --- a/README.md +++ b/README.md @@ -47,11 +47,15 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ ### Exploitation +[2022: "Linux kernel heap feng shui in 2022" by Michael S and Vitaly Nikolenko](https://duasynt.com/blog/linux-kernel-heap-feng-shui-2022) [article] + +[2022: "LiKE: A Series on Linux Kernel Exploitation" by sam4k](https://sam4k.com/like-a-series-on-linux-kernel-exploitation/) [article] [[modprobe_path](https://sam4k.com/like-techniques-modprobe_path/)] + [2022: "Racing against the clock -- hitting a tiny kernel race window" by Jann Horn](https://googleprojectzero.blogspot.com/2022/03/racing-against-clock-hitting-tiny.html) [article] [2022: "Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability"](https://www.usenix.org/system/files/sec22fall_zeng.pdf) [paper] -[2022: "Learning Linux kernel exploitation - Part 1 - Laying the groundwork"](https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn-the-ropes/) [article] +[2022: "Learning Linux kernel exploitation" by 0x434b](https://0x434b.dev/dabbling-with-linux-kernel-exploitation-ctf-challenges-to-learn-the-ropes/) [article] [[part 2](https://0x434b.dev/learning-linux-kernel-exploitation-part-2-cve-2022-0847/)] [2021: "ExpRace: Exploiting Kernel Races through Raising Interrupts" at USENIX](https://www.usenix.org/system/files/sec21-lee-yoochan.pdf) [paper] [[slides](https://www.usenix.org/system/files/sec21_slides_lee_yoochan.pdf)] [[video](https://www.youtube.com/watch?v=CIHRw5YPr9o)] 
@@ -180,7 +184,9 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ [2005: "The story of exploiting kmalloc() overflows"](https://argp.github.io/public/kmalloc_exploitation.pdf) [article] -## Protection Bypasses +### Protection Bypasses + +[2022: "Tetragone: A Lesson in Security Fundamentals" by Pawel Wieczorkiewicz and Brad Spengler](https://grsecurity.net/tetragone_a_lesson_in_security_fundamentals) [article] [2021: "A General Approach to Bypassing Many Kernel Protections and its Mitigation" by Yueqi Chen](https://i.blackhat.com/asia-21/Friday-Handouts/as-21-Chen-A-General-Approach-To-Bypassing-Many-Kernel-Protections-And-Its-Mitigation.pdf) [slides] [[video](https://www.youtube.com/watch?v=EIwEF3tCtg4)] @@ -240,6 +246,8 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ ### Info-leaks +[2022: "Yet another bug into Netfilter" by Arthur Mongodin](https://www.randorisec.fr/yet-another-bug-netfilter/) [article] [CVE-2022-1972] + [2022: "The AMD Branch (Mis)predictor: Just Set it and Forget it!" by Pawel Wieczorkiewicz](https://grsecurity.net/amd_branch_mispredictor_just_set_it_and_forget_it) [article] [Spectre] [2022: "The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)" by Pawel Wieczorkiewicz](https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before) [article] [Spectre] 
@@ -279,6 +287,16 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ ### LPE +[2022: "The Android kernel mitigations obstacle race" by Man Yue Mo](https://github.blog/2022-06-16-the-android-kernel-mitigations-obstacle-race/) [article] [CVE-2022-22057] + +[2022: "io_uring - new code, new bugs, and a new exploit technique" by Lam Jun Rong](https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/) [article] [CVE-2021-41073] + +[2022: "Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)" by lolcads](https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/) [article] [CVE-2022-0847] + +[2022: "DirtyPipe-Android/TECHNICAL-DETAILS.md" by polygraphene](https://github.com/polygraphene/DirtyPipe-Android/blob/master/TECHNICAL-DETAILS.md) [article] [CVE-2022-0847] + +[2022: "Weaponizing dirtypipe on android" by Giovanni Rocca](https://docs.google.com/presentation/d/1Tq00gy1GtiK0OvNYOy_kCz0er9ZECBXGoy5Lfy5MD3M/edit?usp=sharing) [slides] [[exploit](https://github.com/iGio90/DirtyPipeZ)] [CVE-2022-0847] + [2022: "How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables" by David Bouman](https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/) [CVE-2022-1015] [CVE-2022-1016] [2022: "The Discovery and Exploitation of CVE-2022-25636" by Nick Gregory](https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/) [article] [CVE-2022-25636] 
@@ -301,6 +319,8 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ [2022: "exploiting CVE-2019-2215" by cutesmilee](https://cutesmilee.github.io/kernel/linux/android/2022/02/17/cve-2019-2215_writeup.html) [article] [CVE-2019-2215] +[2021: "Your Trash Kernel Bug, My Precious 0-day" by Zhenpeng Lin](https://zplin.me/talks/BHEU21_trash_kernel_bug.pdf) [slides] [CVE-2021-3715] + [2021: "[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver"](https://syst3mfailure.io/sixpack-slab-out-of-bounds) [article] [CVE-2021-42008] [2021: "PWN2OWN Local Escalation of Privilege Category, Ubuntu Desktop Exploit"](https://flatt.tech/assets/reports/210401_pwn2own/whitepaper.pdf) [article] [CVE-TBD] @@ -359,6 +379,8 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ [2021: "Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG" by Alexander Popov](https://a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html) [article] [[slides](https://a13xp0p0v.github.io/img/CVE-2021-26708_LKRG_bypass.pdf)] [[video](https://www.youtube.com/watch?v=n6YLiYiCIMA)] +[2021: "Gaining root access in Linux using the CVE-2021-26708 vulnerability" by Markel Azpeitia Loiti](https://addi.ehu.es/bitstream/handle/10810/53355/GrAL_MAzpeitia.pdf) [paper] + [2021: "CVE-2014-3153" by Maher Azzouzi](https://github.com/MaherAzzouzi/LinuxKernelStudy/tree/main/CVE-2014-3153) [article] [CVE-2014-3153] [2021: "The curious case of CVE-2020-14381"](https://blog.frizn.fr/linux-kernel/cve-2020-14381) [article] [CVE-2020-14381] 
@@ -666,6 +688,10 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ ## Finding Bugs +[2022: "GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs"](https://zplin.me/papers/GREBE.pdf) [paper] + +[2022: "An In-depth Analysis of Duplicated Linux Kernel Bug Reports"](https://zplin.me/papers/bug_analysis.pdf) [paper] + [2022: "Looking for Remote Code Execution bugs in the Linux kernel" by Andrey Konovalov](https://xairy.io/articles/syzkaller-external-network) [article] [2022: "Demystifying the Dependency Challenge in Kernel Fuzzing"](https://github.com/ZHYfeng/Dependency/blob/master/Paper.pdf) [paper] @@ -792,7 +818,7 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ [2019: "Razzer: Finding Kernel Race Bugs through Fuzzing"](https://www.youtube.com/watch?v=9UszCIxc0r0) [video] [[paper](https://lifeasageek.github.io/papers/jeong:razzer.pdf)] -[2019: "Fuzzing File Systems via Two-Dimensional Input Space Exploration"](https://taesoo.kim/pubs/2019/xu:janus.pdf) [paper] +[2019: "Fuzzing File Systems via Two-Dimensional Input Space Exploration"](https://taesoo.kim/pubs/2019/xu:janus.pdf) [paper] [[fuzzer](https://github.com/sslab-gatech/janus)] [2019: "PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary"](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04A-1_Song_paper.pdf) [paper] 
@@ -867,6 +893,8 @@ Subscribe to @linkersec on [Telegram](https://t.me/linkersec), [Twitter](https:/ ["Linux Kernel Defence Map" by Alexander Popov](https://github.com/a13xp0p0v/linux-kernel-defence-map) +[2022: "Meaningful Bounds Checking in the Linux Kernel" by Kees Cook](https://outflux.net/slides/2022/lss-na/) [slides] + [2022: "Compilers: The Old New Security Frontier" by Brad Spengler](https://grsecurity.net/Compilers_The_Old_New_Security_Frontier_BlueHat_IL_2022.pdf) [slides] [2022: "In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication"](https://www.usenix.org/system/files/sec22fall_yoo.pdf) [paper] @@ -1096,6 +1124,10 @@ https://github.com/Bonfee/CVE-2022-25636 https://github.com/Bonfee/CVE-2022-0995 +https://github.com/tr3ee/CVE-2022-23222 + +https://github.com/tr3ee/CVE-2021-4204 + ## Tools @@ -1133,6 +1165,8 @@ https://github.com/snorez/ebpf-fuzzer https://github.com/SmoothHacker/LateRegistration +https://github.com/sslab-gatech/janus + ### Assorted -- cgit v1.3
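Review bot: In the Exploitation hunk (`@@ -47,11 +47,15 @@`), the rewritten "Learning Linux kernel exploitation" entry links part 2 whose URL names CVE-2022-0847, but the entry carries no `[CVE-2022-0847]` tag, while the Dirty Pipe entries added in the LPE hunk all do; suggest appending `[CVE-2022-0847]` after the `[[part 2](...)]` link so readers searching the list by CVE find it.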
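Review bot: The Protection Bypasses hunk (`@@ -180,7 +184,9 @@`) demotes the heading from `## Protection Bypasses` to `### Protection Bypasses`, which moves the section under its parent heading, yet the subject line "May/June updates" only suggests new links were added; suggest mentioning the heading-level fix in the commit message so the structural change is discoverable in the log.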
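Review bot: In the LPE hunk (`@@ -279,6 +287,16 @@`), the entry titled `"DirtyPipe-Android/TECHNICAL-DETAILS.md"` uses a repository file path where every neighbouring entry uses the write-up's title; suggest a descriptive title such as the document's own heading and keep the path only in the URL. Two smaller points in the same hunk: the "Weaponizing dirtypipe on android" link carries a `?usp=sharing` query parameter that can be dropped, and the unchanged context line for "How The Tables Have Turned" is the only entry in this region without a type tag (`[article]`), which this hunk could fix while touching the section.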