BestHub
Sign in
Tagged articles
8 articles
Page 1 of 1
dbaplus Community
dbaplus Community
May 18, 2026 · Information Security

One Bash Script, One Weekend: How AI Uncovered a 23‑Year‑Old Linux Kernel Flaw

A simple Bash script run over a weekend by researcher Nicholas Carlini leveraged Claude Opus 4.6 to discover a critical NFSv4 vulnerability that had persisted in Linux kernels since March 2003, prompting Linus Torvalds to announce AI‑driven security as a new normal in the Linux 7.0 release.

AI-assisted Vulnerability DetectionKernel SecurityLinux
0 likes · 19 min read
One Bash Script, One Weekend: How AI Uncovered a 23‑Year‑Old Linux Kernel Flaw
21CTO
21CTO
Sep 9, 2025 · Information Security

What’s New in Linux Kernel Runtime Guard 1.0? A Deep Dive into Enhanced Security

The Linux Kernel Runtime Guard (LKRG) 1.0 release adds support for kernel 6.17, removes obsolete code, improves performance, expands OverlayFS compatibility, and tightens protection against credential‑overwrites and other kernel‑level attacks, while remaining a complementary layer to SELinux and AppArmor.

Kernel SecurityLKRGLinux
0 likes · 5 min read
What’s New in Linux Kernel Runtime Guard 1.0? A Deep Dive into Enhanced Security
Liangxu Linux
Liangxu Linux
Aug 21, 2025 · Fundamentals

Why Your Program Can’t Directly Control Memory or Hardware on Modern OSes

On modern operating systems, user‑mode programs are prevented from directly managing memory, executing privileged CPU instructions, or accessing hardware because such actions would break isolation, corrupt kernel data structures, and jeopardize system stability and security.

Kernel Securityhardware accessprivileged instructions
0 likes · 7 min read
Why Your Program Can’t Directly Control Memory or Hardware on Modern OSes
Java Tech Enthusiast
Java Tech Enthusiast
Jul 17, 2025 · Fundamentals

Why User‑Space Programs Can’t Directly Control Memory or Hardware

Attempting to bypass the operating system by directly managing memory, executing privileged CPU instructions, or performing raw hardware I/O from a user‑space application is prohibited; modern OS kernels enforce strict privilege levels, protecting critical data structures and ensuring system stability, and any such attempts are blocked or cause crashes.

Kernel SecurityMemory ManagementOperating System
0 likes · 6 min read
Why User‑Space Programs Can’t Directly Control Memory or Hardware
Linux Kernel Journey
Linux Kernel Journey
Nov 7, 2024 · Information Security

Using eBPF to Protect, Detect, and Audit Malicious eBPF Programs

The article analyzes how attackers can abuse eBPF to steal data, elevate privileges, execute commands, and hide processes, then presents concrete eBPF code for such attacks and outlines practical protection, detection, and auditing techniques—including file analysis, bpftool usage, and kernel tracing—to mitigate these threats.

Kernel SecuritybpftooleBPF
0 likes · 27 min read
Using eBPF to Protect, Detect, and Audit Malicious eBPF Programs
OPPO Amber Lab
OPPO Amber Lab
Nov 1, 2021 · Information Security

AI-Enabled Security Insights from the 2021 Pan-Terminal Workshop

The 2021 Pan‑Terminal Security Workshop, jointly organized by the China Computer Federation and OPPO at Xi'an Jiaotong University, gathered leading academics and industry experts to discuss AI‑driven security, kernel protection, and blockchain finance, offering livestream access and video recordings for the research community.

AI securityBlockchainKernel Security
0 likes · 3 min read
AI-Enabled Security Insights from the 2021 Pan-Terminal Workshop
OPPO Kernel Craftsman
OPPO Kernel Craftsman
Oct 29, 2021 · Information Security

Linux Security Module (LSM) Fundamentals and Implementation

The article explains the Linux Security Module (LSM) framework, detailing its origins, hook‑based architecture, kernel integration points, initialization process, and how it enables flexible, non‑intrusive security enhancements such as SELinux, allowing multiple security modules to coexist within the Linux kernel.

AppArmorKernel SecurityLSM
0 likes · 9 min read
Linux Security Module (LSM) Fundamentals and Implementation
Tencent Cloud Developer
Tencent Cloud Developer
Feb 14, 2019 · Information Security

Critical runc Container Escape Vulnerability Advisory (CVE-2019-5736)

A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.

Container SecurityKernel SecurityVulnerability
0 likes · 3 min read
Critical runc Container Escape Vulnerability Advisory (CVE-2019-5736)