Dedicated to advancing the understanding and detection of software vulnerabilities—and explaining the latest vulnerability research from the GitHub Security Lab. Go behind the scenes with the GitHub Security Lab, a collaborative initiative that brings together security researchers, developers, and organizations to find and fix security vulnerabilities in open source software.
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
It was another record year for our Security Bug Bounty program. We’re excited to highlight some achievements we’ve made together with the bounty community from 2021!
Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.
Introducing CodeQL packs to help you codify and share your knowledge of vulnerabilities.
Anyone can now provide additional information to further the community’s understanding and awareness of security advisories.
A behind-the-scenes peek into the machine learning framework powering new code scanning security alerts.
A comprehensive guide for vulnerability reporters.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
In this post, I’ll use three bugs that I reported to Qualcomm in the NPU (neural processing unit) driver to gain arbitrary kernel code execution as root user and disable SELinux from the untrusted app sandbox in an Android phone.
The Exiv2 team tightened our security by enabling GitHub’s code scanning feature and adding custom queries tailored to the Exiv2 code base.
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
