V12

free v12 for Superteam Black teams

someone is using v12 on def con quals and it found the bug 😳😳😳 #OhDear #Slopped

@dcbuilder @real_philogy we will add formal verification soon too

@real_philogy also ai auditor tools like @v12sec and others are really good for finding bugs

With the QF funding I’m going to invest in formal verification. This is because compiler bugs are quite insidious. If I have discover these through audits and fuzzing it’s going to cost millions and years to make plank mainnet ready. FV + AI is the only viable path to prod.

@kernelstub it's important to appeal to modern target demo❤️

@v12sec The brain rot in the background

linux LPE in rds kernel module

@mjbommar we collided, saw someone submitted a patch so just release our PoC 🤷

@v12sec hi! did you already submit patch? you beat me by a few hours...

poc: github.com/v12-security/p… this is for arch users. arch linux enables rds module by default for some reason🤷

@mackhaon we wanted to add "double or nothing" to the run checkout but our general counsel said we can't do this. instead we added the discount spinner x.com/gf_256/status/…

@mackhaon we are seriously considering this. it would be great to be able to bet whether a codebase has bugs or not. if you can gamble on how many cars cross the interesection i don't see why you shouldn't be able to gamble on v12 runs

you can now Buy Now Pay Later pay for v12 credits with Klarna and Afterpay we call this "PoC now, pay later". we also wanted to add Affirm but they rejected our application🤡🤡 we also enabled USDC payments🎉

99e5c2d00d247298f4710546c62f827252840de5f25fbfc0e67e7e05b323bdc1 -

poc: github.com/v12-security/p… the vendor has stated TOS4 is EOL so we hope we can help owners of this appliance. we also release a script to exploit the bug to patch the bug

unauthenticated root RCE on TerraMaster TOS4 NAS appliances. (+free additional LPE) something light for sunday. bigger stuff this week! :-)

@caleb_fenton oh nice! we were wondering who we collided with. we also found this a few days ago x.com/v12sec/status/…

One of our security researchers demonstrated a local root shell on Linux using a page-cache poisoning primitive in AF_RXRPC’s RxGK path. We call it DirtyCBC: a sibling to DirtyFrag in the broader CopyFail / DirtyFrag / Fragnesia family. The issue is fixed on mainline. The candidate path was surfaced through Delphos’s agentic analysis workflow, then manually verified and exploited end to end. AES-256 was not broken. It just wasn’t the boundary that mattered. RxGK decrypted data in place before authentication completed. Under the right conditions, that write could land in the page cache. The HMAC check still failed and the connection was aborted, but the page-cache mutation had already happened. Two RESPONSE packets were enough to place a tiny ELF into the cached first page of a readable SUID-root binary. The file on disk stayed unchanged. The next exec produced a root shell. Full writeup and PoC on the Delphos Labs GitHub. delphoslabs.com/blog/36142374-…

poc: github.com/v12-security/p…

We collided on this bug! Since this has been disclosed and patched, we're also releasing our POC for DirtyCBC (we called it "DirtyDecrypt").

Due to popular demand We have made the Poc more user friendly 😊 This way you can test the safety of your qemu more time effectively 😃

this is in CXL, so cxl is required to be enabled. poc: github.com/v12-security/p…

today we are releasing a qemu escape

poc: github.com/v12-security/p…

new fragnesia variant (unpatched)