Linux Privilege Escalation
Linux Privilege Escalation: CVE-2022-27666 > Exploiting heap-based buffer overflow in Linux Kernel's ESP6 modules for LPE
The buffer is allocated as an order-3 page by default, but the size written into the buffer can be larger, leading to an overflow of up to 8 pages on the heap during the write.
May 12, 2026 • nday
pawnyable.cafe: Double Fetch (LK03 - Dexter)
April 21, 2026 • Medium
Linux Privilege Escalation: CVE-2022-4543 > Experimenting with EntryBleed - A Universal KASLR Bypass against KPTI on Linux
The trampoline region in the KPTI user page table is cached in the TLB, allowing the KASLR offset to be probed from userspace via a prefetch side channel.
April 18, 2026 • nday
Linux Privilege Escalation: CVE-2021-3156 > Exploiting heap-based buffer overflow in sudo for privilege escalation
Improper handling of escaped space leads to copying data past the null terminator, causing a buffer overflow on the heap.
March 19, 2026 • nday
Linux Privilege Escalation: Getting Started With Linux Kernel Exploitation
December 6, 2025
Linux Privilege Escalation: Nimbuspwn > Linux LPE via Path Traversal and TOCTOU in networkd-dispatcher
Nimbuspwn breaks the invariant that “networkd-dispatcher only executes trusted root-owned scripts from its own hooks directory”: an attacker first escapes the hooks path via directory traversal, then swaps the checked script path between validation and execution via a TOCTOU race, getting arbitrary code run as root.
November 9, 2025 • nday