Comments

Hacker News

it's all so tiresome

so no mitigation except for kernel updates?

by tryauuum

Wow. A universal, unprivileged local kernel stack use-after-free enabling ~97%-reliable privilege escalation and container escape via a constrained write primitive, control-flow hijack, and ROP

* Introduced in Linux 2.6.39 in 2011

* patched in 7.1 (April 2026)

by djfergus

Read our technical walkthrough here to see how we won almost $10k bug bounty from a single Linux kernel 0-day -- GhostLock.

Chaining GhostLock with a Firefox 0-day, we managed to remote control any Android device (even the latest Android 17) from a simple URL click. We name this full-chain exploit "IonStack", because it's IonMonkey 0-day in Firefox and a StackOverflow in Linux kernel.

Our blog post -> https://nebusec.ai/research/ionstack-part-2/

Exploit Github -> https://github.com/NebuSec/CyberMeowfia

by etenal

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • it's all so tiresome

    so no mitigation except for kernel updates?

    by tryauuum
  • Wow. A universal, unprivileged local kernel stack use-after-free enabling ~97%-reliable privilege escalation and container escape via a constrained write primitive, control-flow hijack, and ROP

    * Introduced in Linux 2.6.39 in 2011

    * patched in 7.1 (April 2026)

    by djfergus
  • Read our technical walkthrough here to see how we won almost $10k bug bounty from a single Linux kernel 0-day -- GhostLock.

    Chaining GhostLock with a Firefox 0-day, we managed to remote control any Android device (even the latest Android 17) from a simple URL click. We name this full-chain exploit "IonStack", because it's IonMonkey 0-day in Firefox and a StackOverflow in Linux kernel.

    Our blog post -> https://nebusec.ai/research/ionstack-part-2/

    Exploit Github -> https://github.com/NebuSec/CyberMeowfia

    by etenal

Related stories