Analysis updated 2026-05-18
Read a real world Linux kernel privilege escalation writeup and proof of concept
Study responsible disclosure practices for reporting security vulnerabilities
Reference DirtyCBC as a case study of kernel page cache poisoning bugs
Track future disclosures published by Delphos Labs
| delphos-labs/disclosures | micheldenizob/hotdsd_gorepatch | swival/ds4-m5 | |
|---|---|---|---|
| Stars | 16 | 16 | 16 |
| Language | C | C | C |
| Setup difficulty | hard | moderate | hard |
| Complexity | 5/5 | 2/5 | 4/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Understanding or reproducing the exploit requires kernel level security expertise and a matching test environment.
disclosures is a public repository from Delphos Labs, a security research group, where they publish vulnerability disclosures and proof-of-concept exploit code for security flaws they have found. It is written mostly in C, matching the kind of low-level exploit code typically needed to demonstrate operating system and kernel level vulnerabilities. As of this writing, the repository lists a single disclosure named DirtyCBC. According to the README, it describes a Linux kernel bug involving page-cache poisoning through a networking component called AF_RXRPC, related to how RxGK handles decryption and message authentication ordering, combined with a memory feature called MSG_SPLICE_PAGES. The stated impact is a local privilege escalation, meaning a regular user on an affected system could potentially gain full root access. The README states that all vulnerabilities listed in the repository were first reported privately to the maintainers of the affected software and were patched before being disclosed publicly here, following standard responsible disclosure practice. The proof-of-concept code is described as intended for defensive validation and security research only, not for use against systems without authorization. This is a small, focused repository rather than a general purpose tool: it functions as an archive of the group's published findings rather than something to install or run as an application. The README is brief and mostly a table of disclosures with dates, so there is limited detail beyond what is summarized here. Licensing is not uniform: the README notes that individual disclosures inside the repository may each carry their own separate license, so anyone reusing the code should check each disclosure's own directory rather than assuming one blanket license applies.
This repository is Delphos Labs' public archive of security vulnerability disclosures and proof-of-concept exploit code, currently featuring a Linux kernel privilege escalation bug called DirtyCBC.
Mainly C. The stack also includes C, Linux Kernel.
No single license covers the whole repo, each disclosure directory may carry its own separate license.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.