2026-09-25 –, Main Track
What happens when the kernel loses track of its own objects?
Doppelganger (CVE-2026-23066) is a race-condition in the Linux kernel's RxRPC subsystem that allows the same object reference to be queued into a linked list more than once. Could such a simple primitive really be turned into a reliable kernel exploit?
It can, and it was. This talk traces the full journey from discovery of the subtle bug in rxrpc_recvmsg() to a working exploit demonstrated live at the ZeroDay.Cloud competition in London.
Faraz is a Lead Blockchain Security Researcher at Zellic. When not busy with work, he likes to play video games and indulge in low level vulnerability research and exploit development.