BSides Canberra 2026

Doppelganger - Weaponizing CVE-2026-23066 at ZeroDay.Cloud
2026-09-25 , Main Track

What happens when the kernel loses track of its own objects?

Doppelganger (CVE-2026-23066) is a race-condition in the Linux kernel's RxRPC subsystem that allows the same object reference to be queued into a linked list more than once. Could such a simple primitive really be turned into a reliable kernel exploit?

It can, and it was. This talk traces the full journey from discovery of the subtle bug in rxrpc_recvmsg() to a working exploit demonstrated live at the ZeroDay.Cloud competition in London.

Faraz is a Lead Blockchain Security Researcher at Zellic. When not busy with work, he likes to play video games and indulge in low level vulnerability research and exploit development.