"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." --- Sun Tzu
The kernel is what we call "Ring 0". It is the front line, and the last place where we can effectively defend against the adversaries beneath it. Unfortunately, most people in the FLOSS world have lost access to PaX/Grsecurity's stable and test patches, which are the only effective defense solution. KSPP is making progress slowly, and more bugs are being introduced by misunderstanding some PaX/Grsecurity features and missing the context of why PaX/Grsecurity created them in the first place. Some vulnerabilities and exploits targeting the Linux kernel in the wild (since KSPP started) are listed here; most of them can be mitigated by PaX/Grsecurity without any fix.
- Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728) - 201601
- CVE-2016-1583/Linux: Stack overflow via ecryptfs and /proc/$pid/environ - 201607
- CVE-2017-2636/exploit the race condition in the n_hdlc Linux kernel driver bypassing SMEP - 20170324
- CVE-2017-0358/ntfs-3g: modprobe is executed with unsanitized environment - 201702
- Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) - 201702
- CVE-2017-7184/PWN2OWN 2017 Linux kernel privilege escalation vulnerability analysis
- sudo-CVE-2017-1000367 - 201706
- CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch - 20170813, PoC
- CVE-2017-7616/The Infoleak that (Mostly) Wasn't - 201704
- CVE-2016-10277/CVE-2017-1000363, initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
- kernel: inotify: a race between inotify_handle_event() and sys_rename(): CVE-2017-7533 - 20170803
- Multiple silent fixes done by Linux kernel "community": "More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method"
- Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass - 201704
- Multiple vulnerabilities silently fixed: CVE-2017-5546, CVE-2017-5547, CVE-2016-10154, CVE-2017-5548, CVE-2017-5549, CVE-2017-5550, CVE-2017-5551