Latest posts

Changelog

View all changes

Engineering

GitHub Availability Report: July 2022

GitHub Availability Report: July 2022

In July, we experienced one incident that resulted in degraded performance for Codespaces. This report also acknowledges two incidents that impacted multiple GitHub.com services in June.

Jakub Oleksy

GitHub Availability Report: June 2022

In June, we experienced four incidents resulting in significant impact to multiple GitHub.com services. This report also sheds light into an incident that impacted several GitHub.com services in May.

Community

Product

Security

Dependabot now alerts for vulnerable GitHub ActionsDependabot now alerts for vulnerable GitHub Actions

Dependabot now alerts for vulnerable GitHub Actions

GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows.

Brittany O'Shea & Kate Catlin

Corrupting memory without memory corruption

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.

Open Source

Enterprise

Education

Policy

Company