This SnapAttack writeup on CVE-2024-30051 is pretty neat: https://blog.snapattack.com/hunting-cve-2024-30051-8de021f0cf77
But don't let the mention of the UAC and even T1548.002 suggest that it's merely a UAC bypass. This allows going from non-admin to SYSTEM.
This is in no way a UAC bypass. The UAC's consent.exe is merely a mule to get the user-provided payload DLL to execute with SYSTEM privileges (by way of dwm.exe).
Kernel.org folks never provided the postmortem they promised in 2011 after finding their infrastructure had been rooted. They also didn't bother to respond to my email earlier this week seeking comment on new information that, in fact, their servers had been rooted 2 years earlier by a 2nd, even more sophisticated piece of malware.
While no one responded to me, here's Linux Foundation member Konstantin Ryabitsev responding elsewhere to my post that the breach was the subject of an FBI investigation, and later of a lawsuit. This says lots about the obligation kernel.org, an organization entrusted with huge responsibility, feels toward transparency. If Microsoft did this, people would be apoplectic.
Three years ago, #FDroid had a similar kind of attempt as the #xz #backdoor. A new contributor submitted a merge request to improve the search, which was oft requested but the maintainers hadn't found time to work on. There was also pressure from other random accounts to merge it. In the end, it became clear that it added a #SQLinjection #vuln. In this case, we managed to catch it before it was merged. Since similar tactics were used, I think its relevant now