• LK v4.15.x - unwind_orc - stack out-of-bounds

    unwind_orc - read 8 bytes stack oob in unwind_next_frame. Posted & found by zer0day. tl;dr: I just found the bug(?) stack oob (8 bytes read) in unwind_orc. So I just tested it on the latest LK (v4.15.0-rc4 currently), and it worked. But I found the commit about this bug(?). He (the committer)...


  • LK v4.15.x - spinlock recursion, deadlock

    spin-lock recursion bug (leading to deadlock). Posted & found by tl;dr: There isn't any recursion check on the spin-lock where I found it (not exact). So when executed recursively, a deadlock is triggered. It needs to check the current and calling thread IDs to avoid deadlock in recursive cases. Below is pseudocode...


  • LKE v4.13.x - waitid() LPE

    Linux Kernel waitid() Local Privilege Escalation. Posted by zer0day, 10/29/2017. tl;dr: Some days ago, I just saw this vulnerability somewhere on Google. It's about Kernel Exploitation, CVE-2017-5123. Maybe it works on 4.14.0-rc1 ~ 4.14.0-rc4, and the latest released version is 4.14.0-rc7 and the stable build is 4.13.10 (2017/11/2). The reasons for...