security-research

Security Research

This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

We believe that vulnerability disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. This is why Google adheres to a 90-day disclosure deadline. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix.

You can read up on our full policy at: https://www.google.com/about/appsecurity/.

Advisories

The disclosure of vulnerabilities are all in the form of security advisories, which can be browsed in the Security Advisories page.

Proof of Concepts

Accompanying proof-of-concept code will be used to demonstrate the security vulnerabilities.

Year Title Advisories Links
2023 Oracle VM VirtualBox 7.0.10 r158379 Escape CVE-2023-22098 PoC
2023 Linux: eBPF Path Pruning gone wrong CVE-2023-2163 PoC
2023 XGETBV is non-deterministic on Intel CPUs   PoC
2023 XSAVES Instruction May Fail to Save XMM Registers   PoC
2022 RET2ASLR - Leaking ASLR from return instructions   PoC
2022 Unexpected Speculation Control of RETs   PoC
2022 Bleve Library: Traversal Vulnerabilities in Create / Delete IndexHandler GHSA-gc7p-j7x8-h873 PoC
2022 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library CVE-2022-30187 PoC
2022 Apple: Heap-based Buffer Overflow in libresolv GHSA-6cjw-q72j-mh57 PoC
2022 Apache: Code execution in log4j2 CVE-2021-45046 PoC
2021 Surface Pro 3: BIOS False Health Attestation (TPM Carte Blanche) CVE-2021-42299 Write-up, PoC
2021 CVE-2021-22555: Turning \x00\x00 into 10000$ CVE-2021-22555 Write-up, PoC
2021 Linux: KVM VM_IO|VM_PFNMAP vma mishandling CVE-2021-22543 PoC
2021 BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution CVE-2020-24490, CVE-2020-12351, CVE-2020-12352 Write-up, PoC

License & Patents

The advisories and patches posted here are free and open source.

See LICENSE for further details.

Contributing

The easiest way to contribute to our security research projects is to correct the patches when you see mistakes.

Please read up our Contribution policy.