V4bel (@v4bel) / X

V4bel

59 posts

V4bel

@v4bel

Independent Vuln. Researcher / Pwn2Own Berlin 2025, 2026 / Google kernelCTF 0-day / Pwnie Awards 2025

Joined November 2019

V4bel
@v4bel
Dec 19, 2024
I just released our kernelCTF VSock 0-day write-up with @_qwerty_po . (exp196/exp197, CVE-2024-50264) github.com/google/securit… We made history by being the first to exploit VSock in kernelCTF, expanding its known attack vectors. 🥳 It’s a pretty *simple* race condition, right?
59K
V4bel
@v4bel
Oct 21, 2024
Google kernelCTF LTS/COS 0-day WIN! Successfully exploited an extremely complex race condition 0-day vuln on two instances without using namespaces 🎉 work with @_qwerty_po
32K
V4bel
@v4bel
Jun 2, 2025
@_qwerty_po and I exploited a VSock 1-day in Google kernelCTF back in *February*, securing $71,337 🥳 (CVE-2025-21756, exp237/exp249) And I’ve just published the write-up: github.com/google/securit… A kernel developer reviewing a patch for a separate VSock bug I submitted
00:00
16K
V4bel
@v4bel
Sep 6, 2024
Found a 0-day in the Linux Kernel TCP a while back and finally sharing the details!
Theori
@theori_io
Sep 6, 2024
🚨 New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori! 🔗 blog.theori.io/deep-dive-into… Our researcher @v4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper,
22K
V4bel
@v4bel
Aug 9, 2025
Our CVE-2024-50264 with @_qwerty_po has won the Best Privilege Escalation category at the 2025 Pwnie Awards. Thank you, @PwnieAwards!!
16K
V4bel
@v4bel
Jun 30, 2025
CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free This is a 64byte UAF write vuln I discovered for Pwn2Own. However, I couldn’t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it 😥 git.kernel.org/pub/scm/linux/…
9.6K
V4bel
@v4bel
Jul 24, 2025
Our CVE‑2024‑50264 has been nominated for the Best PE at the Pwnie Awards 🫢
Pwnie Awards
@PwnieAwards
Jul 23, 2025
We are very happy to announce the nominees for the 2025 Pwnie Awards! As a reminder, we will be presenting the winners at DEF CON this year. Saturday the 9th, 10:00AM Main Stage. Hope to see you there! docs.google.com/document/d/1fy…
14K
V4bel
@v4bel
Mar 14, 2025
Did you know that in Upstream, the conventional “overwriting modprobe_path” technique doesn’t work anymore? So, I developed a new technique that generally triggers modprobe_path. It's a simple idea—nothing fancy, but pretty useful 🙃
Theori
@theori_io
Mar 14, 2025
🔍 NEW RESEARCH: We've revived the modprobe_path privilege escalation technique in #Linux kernels. How? Read out blog to find out: blog.theori.io/reviving-the-m… Remember, we will always find a new way!
11K
V4bel
@v4bel
Aug 1, 2025
I have now left @theori_io. After a brief break, I plan to resume my research 🤟
5K
V4bel
@v4bel
Feb 26, 2025
If I ever get a chance, I would like to share my insights on race conditions 🤔
6K
V4bel
@v4bel
Dec 19, 2024
Replying to @v4bel
BTW, This is a variant of CVE-2021-26708: a13xp0p0v.github.io/2021/02/09/CVE… It was the first vuln analyzed after joining the company two years ago. Back then, I knew vvs still ended up as a dangling ptr even after the vuln was patched, but only recently succeeded in triggering the UAF. 🥲
a13xp0p0v.github.io
Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel
CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit...
6.7K
V4bel
@v4bel
Jun 28, 2024
😎
qwerty
@_qwerty_po
Jun 28, 2024
Successfully exploited a 0-day vulnerability in KernelCTF! work with @v4bel 🎉
9.1K
V4bel
@v4bel
Jan 1, 2025
Happy New Year! I hope I can grow even more this year 🙏
3.7K
V4bel
@v4bel
Jun 11, 2025
Replying to @u1f383
Those two contexts are protected by ->current_entry_lock.
511