Findings

Vulnerabilities I found by reading the code.

Each of these came from manual source review — diffing a function against its safe siblings and git history, hypothesizing the missing invariant, then confirming with a sanitizer and shipping the patch upstream.

Heap out-of-bounds read in the Linux kernel's SMB server

Applied · stable

smb_check_perm_dacl() failed to verify an ACE was large enough to hold its declared sub-authorities, letting an authenticated client trigger an OOB read past the security-descriptor allocation via a crafted ACL stored with SMB2_SET_INFO and read on a later SMB2_CREATE. Fixed by adding the missing bounds check before dereference; Cc'd to stable.

linux · fs/smb/server/smbacl.c · ksmbd · view patch on lore →
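The missing invariant in the ksmbd finding, as an added illustration rather than the kernel's code: a SID embedded in an ACE declares its own sub-authority count, and that count must fit inside both the ACE's declared size and the bytes actually allocated. The layout constants follow the standard ACE and SID wire format; the function names, checks and sample bytes are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Layout of the standard ACE header (type, flags, size), access mask, and SID
 * header (revision, sub-authority count, 6-byte identifier authority) that
 * precedes the 32-bit sub-authority array. The names and checks are this
 * example's own, modelled on the invariant above, not the kernel's code. */
#define ACE_HDR_LEN      4
#define ACE_MASK_LEN     4
#define SID_HDR_LEN      8
#define SID_MAX_SUBAUTH  15
#define FIXED_LEN        (ACE_HDR_LEN + ACE_MASK_LEN + SID_HDR_LEN)

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* True only if the sub-authorities the SID declares fit inside the ACE's
 * declared size, and that size fits inside the 'avail' bytes the caller
 * actually owns. 'avail' comes from the allocation, never from the ACE. */
bool ace_sid_fits(const uint8_t *ace, size_t avail)
{
    if (avail < FIXED_LEN)
        return false;                                /* cannot even read headers */
    size_t ace_size = rd16(ace + 2);
    if (ace_size < FIXED_LEN || ace_size > avail)
        return false;                                /* declared size lies */
    uint8_t n = ace[ACE_HDR_LEN + ACE_MASK_LEN + 1]; /* sub-authority count */
    if (n > SID_MAX_SUBAUTH)
        return false;
    return FIXED_LEN + 4 * (size_t)n <= ace_size;    /* array stays inside ACE */
}

/* Constructed 24-byte ACE: size 24, SID revision 1, 2 sub-authorities,
 * NT identifier authority (5). Offsets 0-3 ACE header, 4-7 mask, 8+ SID. */
#define SAMPLE_ACE { 0, 0, 24, 0,  0, 0, 0, 0,  1, 2, 0, 0, 0, 0, 0, 5, \
                     0, 0, 0, 0,  0, 0, 0, 0 }

/* The honest ACE passes; the same bytes with an inflated sub-authority count
 * (the pattern in the finding above) or an oversized size field are rejected. */
bool demo_rejects_malformed(void)
{
    uint8_t ace[24] = SAMPLE_ACE;
    bool honest = ace_sid_fits(ace, sizeof ace);
    ace[9] = 5;                              /* SID now needs 36 bytes: rejected */
    bool inflated = ace_sid_fits(ace, sizeof ace);
    ace[9] = 2; ace[2] = 40;                 /* size field exceeds the 24-byte buffer */
    bool oversized = ace_sid_fits(ace, sizeof ace);
    return honest && !inflated && !oversized;
}
```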

Crashing PyTorch with a 176-byte model file

Open PR

An attacker-controlled class_type index parsed from an untrusted flatbuffer model was used in an unchecked operator[] and dereferenced — a wild pointer dereference reachable from torch.jit.load. The FlatBuffers verifier validates structure but not this cross-reference, so a crafted module passes verification yet SIGSEGVs. Fix routes both registration sites through the bounds-checked accessor with a null guard.

pytorch · torch/csrc/jit/mobile/flatbuffer_loader.cpp · PR #186672 →

Slipping past curl's SSRF filter with percent-encoding

Disclosed

parse_authority() normalized the URL before decoding, so a %2e-encoded host could bypass the SSRF filter. Responsibly disclosed and under review.

curl · url parsing · under review

Out-of-bounds read in the Linux NTFS driver

Submitted

ntfs_readdir() dereferenced an unvalidated on-disk entries_offset, attacker-reachable via getdents64() on a read-only mounted image. Fixed by validating the offset before dereference; submitted to linux-fsdevel.

linux · fs/ntfs/dir.c · linux-fsdevel