Cherr panic

孩子们，mc 太好玩了，已连续游玩 14h

已连续游玩 12h Minecraft

“我知道，如果不去刻意见面的话，就真的再也见不了面了。” @落雪好想睡觉: 发布视频 播放量:8130 弹幕:2 评论:257 点赞:1207 投币:161 收藏:583 转发:134 发布日期:2026-05-09 12:00:24

QEMUtiny is a memory corruption vulnerability in QEMU's implementation of CXL (Compute Express Link) Type-3 (Memory Device) device emulation. 1. OOB read: cmd_logs_get_log() treats the CEL log offset as an array index in the memmove() source expression even though the CXL mailbox offset is in bytes. 2. OOB write: cmd_features_set_feature() accepts byte offsets into several small feature write-attribute structures without checking that offset + bytes_to_copy stays inside the selected structure. poc.c is a working exploit that drives the emulated CXL mailbox from the guest through the device BAR. It depends on offsets for the specific QEMU build and host libc layout. The exploit can be weaponized to work reliably across many QEMU versions using the OOB read to scan memory. However this is out of scope for this PoC. https://github.com/v12-security/pocs/tree/main/qemu

怎么挤进前 1k 了

Chrome沙箱中也能利用，Windows 内核特权提升漏洞（CVE-2026-40369） https://mp.weixin.qq.com/s/3nt_kHvQqHDO9E_2YKrgGg Windows 内核中存在一个任意内核地址写入漏洞（CVE-2026-40369）。当调用 NtQuerySystemInformation 并使用 SystemProcessInformationExtension（信息类 253）且传递内核地址及长度为 0 的输出缓冲区时，ProbeForWrite 验证被完全绕过。位于 ntoskrnl.exe 的 ExpGetProcessInformation 函数未对缓冲区指针进行合法性检查，在遍历进程时直接递增攻击者指定的任意内核地址。成功利用此漏洞可造成内核内存破坏，并实现本地权限提升。 该漏洞影响 Windows 11 24H2 至 25H2，可从任意非特权进程（包括 Chrome 沙箱等受限环境）稳定触发。

#NSFW

ssh-keysign-pwn: Steal SSH host private keys and /etc/shadow via the ptrace_may_access mm-NULL bypass + pidfd_getfd. Pre-31e62c2ebbfd kernels. With ssh-keysign-pwn, unprivileged users are able to read root-owned files. That affects all Linux kernel releases up through today's latest Linux Git state as of earlier today. __ptrace_may_access() skips the dumpable check when task->mm == NULL. do_exit() runs exit_mm() before exit_files() — no mm, fds still there. pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's. Reported by Qualys and fixed by the mainline Linux kernel earlier today. This patch to adjust the kernel's ptrace behavior is what fixes the issue. Jann Horn flagged the FD-theft shape in October 2020. More details on ssh-keysign-pwn can be found via this GitHub repository. https://www.phoronix.com/news/Linux-ssh-keysign-pwn

node-ipc 被供应链投毒 https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html https://github.com/RIAEvangelist/node-ipc/issues/15 https://www.stepsecurity.io/blog/node-ipc-npm-supply-chain-attack