Andrey Konovalov
andreyknvl.bsky.social
Security engineer at http://xairy.io. Focusing on the Linux kernel. Maintaining @linkersec.bsky.social. Trainings at http://xairy.io/trainings.
Merge commit: git.kernel.org/pub/scm/linu...
RFC to replace per-CPU partials: lore.kernel.org/linux-mm/202...
LWN article: lwn.net/Articles/101...
October 24, 2025 at 2:04 PM
I also suspect that the CVE-2025-38494/5 fix is what actually fixes CVE-2024-50302.

Assuming the used chain was portable enough to also cover devices with CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, replacing kmalloc with kzalloc possibly did nothing.

bsky.app/profile/andr...
Reaching code for CVE-2024-50302 (infoleak via Anton Touchpad) seems to require a bit more descriptions work: hid-multitouch.c is barely covered by syzbot. But the bug type is discoverable via KMSAN: it reports infoleaks over USB as kernel-usb-infoleak.

storage.googleapis.com/syzbot-asset...
September 11, 2025 at 3:39 PM
"Wrote" is a strong word for this, I just cleaned up the reproducer from this syzbot report:

syzkaller.appspot.com/bug?extid=fb...

The report has been public on the dashboard for over 2 months now. And there's plenty of other USB bugs that are still not fixed.
September 11, 2025 at 3:39 PM
Exploiting the Linux Kernel on October 26 — November 1 online via Ringzer0.

ringzer0.training/countermeaas...
July 1, 2025 at 10:01 PM
Exploiting the Linux Kernel on October 6–9 in Paris at Hexacon @hexacon.bsky.social.

www.hexacon.fr/trainer/kono...
July 1, 2025 at 10:01 PM
Exploiting the Linux Kernel on September 1–3 in Berlin at Nullcon.

nullcon.net/berlin-2025/...
July 1, 2025 at 10:01 PM
Fuzzing the Linux Kernel on August 4–5 online via Black Hat US.

www.blackhat.com/us-25/traini...
July 1, 2025 at 10:01 PM