summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Kling <kling@serenityos.org>2021-03-08 18:31:18 +0100
committerAndreas Kling <kling@serenityos.org>2021-03-08 22:53:28 +0100
commit0918dd0460b40be080f5f36dc368e7449a5a8fcb (patch)
tree0a5f672d692f178a563ba7608467fcf000d0fed0
parentdfca6b03e476f0590d61ff545f62e9fe1387b57f (diff)
downloadserenity-0918dd0460b40be080f5f36dc368e7449a5a8fcb.zip
Website: Add link to @ABigPickle's VLA exploit
-rw-r--r--Meta/Websites/serenityos.org/bounty/index.html1
1 files changed, 1 insertions, 0 deletions
diff --git a/Meta/Websites/serenityos.org/bounty/index.html b/Meta/Websites/serenityos.org/bounty/index.html
index 7558cf65e6..24d107d683 100644
--- a/Meta/Websites/serenityos.org/bounty/index.html
+++ b/Meta/Websites/serenityos.org/bounty/index.html
@@ -35,6 +35,7 @@
</p>
<p><b>Past exploits:</b></p>
<ul>
+ <li><b>2021-03-04:</b> <b>Iliad</b> used a VLA stack overflow in the TCP implementation to smash a nearby kernel stack and become root. (<a href="https://abigpickle.github.io/posts/2021/03/serenityos-kernel-hacking-adventures/">Writeup and exploit</a>)</li>
<li><b>2021-02-18:</b> <b>cees-elzinga</b> combined a ptrace race condition with an ASLR bypass to modify <code>/etc/passwd</code> and become root. (<a href="https://github.com/SerenityOS/serenity/issues/5230">Bug report and exploit</a>)</li>
<li><b>2021-02-11:</b> <b>vakzz</b> wrote the first-ever full chain exploit, stringing together a LibJS bug and a kernel bug to create a web page that got root access when viewed in our browser. (<a href="https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html">Writeup and exploit</a>)</li>
<li><b>2020-12-22:</b> <b>ALLES! CTF</b> found a kernel LPE due to missing EFLAGS validation in <code>ptrace()</code>. (<a href="https://github.com/allesctf/writeups/blob/master/2020/hxpctf/wisdom2/writeup.md">Writeup and exploit</a>)</li>