Qyn

Here is the writeup for CVE-2023-3389, a Use-After-Free on an hrtimer in io_uring, which I exploited for the kCTF VRP qyn.app/posts/CVE-2023…

@farazsth98 I believe this technique has been known for a while now, first saw it in GoogleCTF and was later used in starlabs.sg/blog/2023/07-a…

Honey wake up, a new alternative to userfaultfd / FUSE for lengthening race windows just dropped!! #diff-61728fd9a1dd5bffb7a7143dc914920e30a9fcef794a3b308193a8d3ab750ba1" target="_blank" rel="nofollow noopener">github.com/google/securit…