GitHub Security Lab

See what we’re building to enhance the most integrated developer platform that allows developers and enterprises to drive innovation with ease.

A glimpse into the backgrounds and day-to-day work of several GitHub employees in cybersecurity roles.

The GitHub Security Lab provided office hours for open source projects looking to improve their security posture and reduce the risk of breach. Here’s what we learned and how you can also participate.

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.

In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.

How can you robustly assert and identify a user’s identity?

We’re taking a look at some of the most common security vulnerabilities and detailing how developers can best protect themselves.

Do you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here’s how we think of them at GitHub.

If there’s one habit that can make software more secure, it’s probably input validation. Here’s how to apply OWASP Proactive Control C5 (Validate All Inputs) to your code.

Practical tips on how to apply OWASP Top 10 Proactive Control C4.

A comprehensive guide for vulnerability reporters.

When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance.

The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.

In this third and last part, I’ll share the results of my research on Apache HTTP server, and I’ll show some of the vulnerabilities that I’ve found.