Anderson Nascimento's Avatar

Anderson Nascimento

@andersonc0d3.bsky.social

Founder & Security Researcher @allelesecurity Twitter: https://x.com/andersonc0d3 Mastodon: https://infosec.exchange/@andersonc0d3 Blog: https://blog.andersonc0d3.io

159 Followers  |  453 Following  |  235 Posts  |  Joined: 27.10.2024  |  1.9105

Latest posts by andersonc0d3.bsky.social on Bluesky

Preview
perf/core: Prevent VMA split of buffer mappings Β· torvalds/linux@b024d7b The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first mapping is established, subseq...

perf/core: Prevent VMA split of buffer mappings

github.com/torvalds/lin...

06.08.2025 19:26 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

[PATCH RFC] help: Add 'help -l' to show memory layout

lists.crash-utility.osci.io/archives/lis...

03.08.2025 13:30 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
oss-sec: Linux kernel: eBPF vulnerabilities

Linux kernel: eBPF vulnerabilities

seclists.org/oss-sec/2025...

03.08.2025 03:01 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Taint Me Like One of Your fetch cURLs

Discovering IoT CVEs at scale with binary pointer alias analysis and compiler theory

raw.githubusercontent.com/attilaszia/s...

02.08.2025 15:22 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
hashcat v7.0.0

hashcat v7.0.0

hashcat.net/forum/thread...

01.08.2025 22:34 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
The Thermodynamics of Trading with Daniel Pontecorvo | Signals and Threads Daniel Pontecorvo runs the β€œphysical engineering” team at Jane Street. This group blends architecture, mechanical engineering, electrical engineering, and construction management to build functional p...

The Thermodynamics of Trading with Daniel Pontecorvo

signals-threads.simplecast.com/episodes/the...

01.08.2025 22:32 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
πŸ“² Debugging the Pixel 8 kernel via KGDB Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8

Documented instructions for setting up KGDB on Pixel 8.

Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc.

xairy.io/articles/pix...

28.07.2025 20:20 β€” πŸ‘ 4    πŸ” 3    πŸ’¬ 0    πŸ“Œ 1
Preview
Go Assembly Mutation Testing Test coverage of delicate Go cryptographic assembly through a new mutation testing framework.

Go Assembly Mutation Testing

words.filippo.io/assembly-mut...

31.07.2025 17:08 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
#357 β€’ A new era of longevity science: models of aging, human trials of rapamycin, biological clocks, promising compounds, and lifestyle interventions | Brian Kennedy, Ph.D. β€œI really think that all of these interventions that we're looking at are restoring dynamic range…We're restoring things that happened when you were young.” β€”Brian Kennedy

#357 β€’ A new era of longevity science: models of aging, human trials of rapamycin, biological clocks, promising compounds, and lifestyle interventions | Brian Kennedy, Ph.D.

peterattiamd.com/briankennedy/

31.07.2025 16:38 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

323 | Jacob Barandes on Indivisible Stochastic Quantum Mechanics

www.preposterousuniverse.com/podcast/2025...

31.07.2025 16:34 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Increased reports since 6.15.3 of corruption within the log tree

lore.kernel.org/linux-btrfs/...

31.07.2025 14:11 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Making sure you're not a bot!

Linux 6.16

lore.kernel.org/lkml/CAHk-=w...

28.07.2025 01:53 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
The Joy of Why Most cosmologists agree that our universe had a beginning. But the finer details about the Big Bang remain a mystery. A history of everything would explain all, or so theoretical physicists hoped. In ...

The Joy of Why | Why Did The Universe Begin?

play.prx.org/listen?ge=pr...

25.07.2025 23:22 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Train brake hack, GRU sanctions, Wagner war crimes, Microsoft's Chinese β€˜digital escorts’ - Security Conversations Three Buddy Problem – Episode 54: Europol busted pro‑Russian hacktivist crewβ€―NoNameβ€―057(16), the Brits announce sanctions on Russia’s GRU cyber units, Wagner‑linked β€œwar influencers” streamed atrociti...

Train brake hack, GRU sanctions, Wagner war crimes, Microsoft’s Chinese β€˜digital escorts

securityconversations.com/episode/trai...

25.07.2025 23:21 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

XFS - Atomic File Content Exchange in UEK8

blogs.oracle.com/linux/post/x...

25.07.2025 14:59 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
The GNU C Library security advisories update for 2025-07-23 Previous message (by thread): The GNU C Library security advisories update for 2025-05-16 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] The following security advisories have been published: GLIBC-SA-2025-0005: =================== posix: Fix double-free after allocation failure in regcomp The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. CVE-Id: CVE-2025-8058 Public-Date: 2025-07-22 Vulnerable-Commit: 963d8d782fc98fb6dc3a66f0068795f9920c269d (2.3.3-1596) Fix-Commit: 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d (2.42) Notes: ====== Published advisories are available directly in the project git repository: https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD

posix: Fix double-free after allocation failure in regcomp

sourceware.org/pipermail/li...

23.07.2025 20:28 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Making sure you're not a bot!

[RFC v3] fuse: use fs-iomap for better performance so we can containerize ext4

lore.kernel.org/all/20250717...

23.07.2025 12:45 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

[RFC] New codectl(2) system call for sframe registration

lore.kernel.org/all/2fa31347...

23.07.2025 12:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Triaging CVEs for the Linux Kernel

Automating the assessment of Kernel Vulnerabilities

Slides: opensource.siemens.com/events/2025/...

Video: youtu.be/YAJOPgehFT0

23.07.2025 03:35 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
New APIs for name lookup and lock for directory operations

New APIs for name lookup and lock for directory operations [LWN.net]

lwn.net/Articles/103...

23.07.2025 03:30 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

XFS - Directory Parent Pointers in UEK8

blogs.oracle.com/linux/post/x...

23.07.2025 03:24 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
research/CVE-2023-52922 at master Β· alleleintel/research Research developed by Allele Security Intelligence. - alleleintel/research

For code 1, we replaced the reallocation technique, moving from the keyring subsystem to the VSOCK networking protocol using sendmsg(). Additionally, code 3 now dynamically chooses the slab virtual base address.

github.com/alleleintel/...

21.07.2025 14:32 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

We've published the research materials.

Two proofs of concept required modifications after the blog post's publication. The blog post was updated accordingly.

github.com/alleleintel/...

21.07.2025 14:32 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
[SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contain malware - Aur-general - lists.archlinux.org

[SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contain malware

lists.archlinux.org/archives/lis...

19.07.2025 14:51 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
LKML: nicolas.bouchinet@oss ...: [PATCH] fs: hidepid: Fixes hidepid non dumpable behavior

[PATCH] fs: hidepid: Fixes hidepid non dumpable behavior

lkml.org/lkml/2025/7/...

[PATCH] lsm: yama: Check for PTRACE_MODE_READ_FSCREDS access

lkml.org/lkml/2025/7/...

19.07.2025 02:15 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
News - Unbound 1.23.1 released Security fix for CVE-2025-5994

Unbound 1.23.1 released

A multi-vendor cache poisoning vulnerability named "Rebirthday Attack" has been discovered in caching resolvers that support EDNS Client Subnet (ECS)."

www.nlnetlabs.nl/news/2025/Ju...

19.07.2025 01:35 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox | Mingming Zhang This paper ...

RebirthDay Attack: Reviving DNS Cache Poisoning with the Birthday Paradox

zhangmm.net/publication/...

19.07.2025 01:35 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Save what must be saved: Secure context switching with Sailor for USENIX Security 2025 Save what must be saved: Secure context switching with Sailor for USENIX Security 2025 by Neelu Shivprakash Kalani et al.

Save what must be saved: Secure context switching with Sailor for USENIX Security 2025 - IBM Research

research.ibm.com/publications...

19.07.2025 01:13 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
GPUHammer

GPUHammer: Rowhammer Attacks on GPU Memories are Practical

gpuhammer.com

17.07.2025 03:35 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
ZDI-25-602 (Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

(Pwn2Own) Oracle VirtualBox OHCI USB Controller Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

www.zerodayinitiative.com/advisories/Z...

16.07.2025 17:41 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@andersonc0d3 is following 19 prominent accounts