Xdev

on Bynar.io · A look at CVE-2026-31694, a page cache overflow in the Linux kernel's FUSE subsystem that lets an unprivileged attacker escalate privileges by corrupting cached SUID binaries via oversized directory entries.

on Bynar.io · An LLM-driven pipeline autonomously discovered and validated a use-after-free in Linux kernel CAN raw sockets — a non-trivial race involving RCU synchronisation and per-CPU memory management.

This post explores attacking page tables as a Linux kernel exploitation technique for gaining powerful read/write primitives.

In this post I discuss a vulnerability which allows a local, or remote attacker, to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.

Let's explore the modern kernel heap exploitation meta and how the new RANDOM_KMALLOC_CACHES tries to address it.

My aim for this post is to provide some insights for getting into Linux kernel vulnerability research and exploit development

Let's kick things off with a modern day staple for local privilege escalation (LPE) in Linux Kernel Exploitation, modprobe_path.

Thought the Linternals series was hype? Get ready for the even SEO friendlier LiKE, a series on Linux kernel exploitation.

Recently I discovered a vulnerability in the Linux kernel that's been lurking there since 4.8 (July 2016)! CVE-2022-0435 is a remotely and locally exploitable stack overflow in the TIPC networking module of the Linux kernel