About:

Pumpkin is a security researcher at DEVCORE who focuses on Linux kernel security and enjoys sharing knowledge through study groups and presentations.

Interests:

Linux kernel security, security research, CTF challenges, hypervisor security
The blog post analyzes CVE-2025-37756, a use-after-free (UAF) vulnerability in the Linux Kernel TLS (KTLS) subsystem. It details the TLS initialization process, packet reception, and the disconnection mechanism that leads to the v...
A detailed writeup of exploiting a Linux kernel vulnerability in the diceCTF 2026 competition, focusing on race conditions and memory manipulation techniques.
The post explores Linux filesystem isolation, namespace management, permission models, and security vulnerabilities, particularly in the context of containerization.
The blog post discusses a vulnerability in the TLS subsystem of the Linux kernel, specifically focusing on the tls_rx_msg_size() function and its patch. It details the changes made in the patch, the exploit path, and how the vulne...
The blog post discusses techniques for exploiting the Android kernel, focusing on the proxy file descriptor method. It explains the Java Native Interface (JNI) and provides a step-by-step guide on implementing a JNI library for An...
The author shares their experience participating in the corCTF competition, specifically focusing on solving an Android pwn challenge named corphone. They detail the process of achieving Local Privilege Escalation (LPE) on Android...
The blog post details the author's experience solving a Pwn challenge related to the Linux kernel created by STAR Labs for Singaporean students. The author documents their process, including the challenges faced and the eventual e...
The blog post discusses a race condition vulnerability in the net/packet subsystem of the Linux kernel, which was exploited in kernelCTF. The author analyzes the design of the protocol operation table for AF_PACKET sockets and the...
The blog post discusses CVE-2023-4272, a vulnerability in the Mali GPU driver that arises from insufficient cache invalidation, allowing attackers to read stale data from main memory. The author explains the technical details of h...
The blog post discusses the discovery of a method to bypass Ubuntu's new sandbox mechanisms designed to secure unprivileged user namespaces. Initially perceived as unbreakable, the author details their research process, which bega...
This blog post explores the internals of D-Bus and Polkit on Ubuntu and other Unix-based Linux distributions, focusing on their mechanisms and potential vulnerabilities. It introduces D-Bus as an IPC and RPC mechanism, detailing i...
The blog post discusses two vulnerabilities related to memory policy management in the Linux kernel, specifically focusing on the improper initialization of reference counts and race conditions introduced by new locking mechanisms...
This blog post explores the evolution of the Dirty COW vulnerability in Linux, focusing on two variants: Huge Dirty COW (CVE-2017-1000405) and SHM Dirty COW (CVE-2022-2590). It details the mechanisms of huge pages in Linux, the ro...
The blog post discusses the Dirty COW vulnerability (CVE-2016-5195) in the Linux kernel, detailing its root cause and the memory management issues that allow it to occur. It explains how the kernel's handling of memory access perm...
This article examines the critical importance of properly managing socket resources in the Linux kernel, particularly focusing on the release handlers of network protocols. It discusses the potential issues that arise when certain...
The blog post discusses the potential for leaking kernel addresses through the WARN() function in the kernelCTF environment. The author explores how triggering the WARN() function can produce error messages that may reveal kernel ...
CVE-2024-53104 is an out-of-bounds write vulnerability in the Linux kernel UVC (USB Video Class) driver, which has reportedly been exploited on Android devices prior to its disclosure. The article analyzes the vulnerability, detail...
An overview of the Linux filesystem architecture, including file descriptors, inodes, pathname resolution, and recent security vulnerabilities.
The blog post explores the author's learning journey regarding Linux kernel vulnerabilities, specifically focusing on the tty and N_GSM subsystems. It details the initialization processes of the devpts file system and pseudo termi...
The article discusses the complexities of I/O port access in x86-64 architecture, focusing on the mechanisms of I/O ports and Memory-Mapped I/O (MMIO). It explains the role of the I/O Permission Bit, the SYS_iopl system call for u...
The blog post explains how to execute a native binary on Android devices, particularly focusing on the SELinux permission control that restricts untrusted applications. It details the necessary steps to configure the AndroidManife...
The blog post discusses a logic bug vulnerability in the vsock subsystem, identified as CVE-2025-38618. It details the root cause analysis, explaining how the vsock subsystem manages socket tables and the implications of using VMA...
The post explores the author's journey in security research, focusing on protocol handlers in Electron apps and the importance of rediscovering passion for learning.