A software engineer focusing on fuzzers, exploits, and mitigations for Linux and Android kernels.


  • Mitigating Linux kernel memory corruptions with Arm Memory Tagging

    Memory tagging is coming to kill all of your favorite Linux kernel exploits!

    Memory Tagging Extension (MTE) is an ARM v8.5 feature that enables hardware-assisted validation of the correctness of memory accesses. In a nutshell, MTE allows assigning tags to memory allocations, as well as to pointers that refer to those allocations. When a pointer is dereferenced, the CPU performs a validity check that ensures that the memory tag matches the pointer tag.

    In this talk, I explain how MTE is used to assert the validity of kernel memory accesses. I describe the newly added Hardware Tag-Based KASAN mode, its weaknesses, and planned improvements.

  • LinKerSec channel

    A Telegram channel about Linux kernel security. Alexander Popov and I regularly post links to materials about exploits, fuzzers, mitigations, and other security-related things there.

    The posts are also reflected on Twitter and on Reddit.