Atomics-hub/README.md

Tom Ryan

Security researcher and engineer. I find memory-safety and authorization bugs in software people actually run — the Linux kernel, V8/Chrome, and the infrastructure that sits in front of everything.

Selected security work

  • 🐧 io_uring SQE_MIXED out-of-bounds read — fix merged upstream by Jens Axboe, backported to 6.19-stable
  • 🟦 V8 Maglev uninitialized read — fixed by the V8 team, credited on the Chrome VRP panel
  • 🔓 Advisories in Vaultwarden (SSO account takeover) and Plane (cross-workspace IDOR), with more in coordinated disclosure
  • Full ledger: tomryan.dev/security

How I work

The edge is targeting and proof, not volume. I aim AI-driven fuzzers and test harnesses at the specific surfaces that look wrong, then reproduce every promising hit in the target's own compiled code before it reaches a maintainer. When automated scanners flood projects with plausible-but-wrong reports, a reproducible PoC is the bar.

Also

iOS apps under Rekishi LLC · writing at tomryan.dev

📫 overboardapps@gmail.com · PGP · GitHub

Pinned

  1. Linux Kernel io_uring: OOB Read via SQE_MIXED + sq_array Physical Index Bypass

    # Linux Kernel io_uring: Out-of-Bounds Read via SQE_MIXED + sq_array Physical Index Bypass

    **CVE**: Pending (kernel fix and liburing test both merged)
    **Affected**: Linux kernels with `IORING_SETUP_SQE_MIXED` (introduced by commit [1cba30bf9fdd](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cba30bf9fdd))
    **Fix**: [c76e0f1d77f8](https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git/commit/?id=c76e0f1d77f87e258193c2628253782d5ff414c7) — merged into `io_uring-7.0` on 2026-03-10
  2. V8 Maglev JIT: Uninitialized SpeculationMode in SaveCallSpeculationScope (CL 7651434)

    // PoC: Uninitialized SpeculationMode in SaveCallSpeculationScope
    //
    // Triggers uninitialized read of saved_mode_ in the destructor of
    // MaglevGraphBuilder::SaveCallSpeculationScope during Maglev JIT compilation.
    //
  3. CVE-2026-47164 / GHSA-6x5c-84vm-5j56 — Vaultwarden SSO existing-user binding bypasses IdP email_verified check (HIGH 7.7, fixed in 1.36.0). Independent-reporter writeup.

    # Vaultwarden SSO existing-user binding skips the IdP `email_verified` check (CVE-2026-47164)

    **Advisory:** [GHSA-6x5c-84vm-5j56](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6x5c-84vm-5j56)
    **CVE:** CVE-2026-47164
    **Severity:** HIGH — CVSS 7.7 (`AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L`)
  4. slopOS (Public)

    A TempleOS-inspired OS built from scratch: own bootloader, kernel, and the SlopC language. 640x480, 16 colors, ring 0, version 6.9 forever.

    C

  5. flowdown (Public)

    O(1) streaming markdown renderer for the AI era. Zero dependencies. ~4KB gzipped.

    JavaScript

  6. agentk (Public)

    AgentK is a user-space security kernel for AI agents: an MCP/tool boundary with typed syscalls, taint-aware policy, capability receipts, signed evidence, and replayable flight logs.

    Rust
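The Vaultwarden advisory pinned above (item 3) names a class of SSO bug that is easiest to understand in code: binding an IdP identity to an existing local account by email address without checking the IdP's `email_verified` claim, so that anyone who can register at the IdP with a victim's address, unverified, logs in as the victim. The Rust below is an added example written for this page; it is not Vaultwarden's code and not the advisory's proof of concept. The `Store`, `IdpClaims`, `login_vulnerable` and `login_hardened` names and the constructed victim/attacker scenario are all assumptions. It models only the binding step and assumes the ID token's signature, issuer, audience and nonce were already validated. The hardened form also refuses to re-bind an account that is already linked to a different IdP subject, a check that goes beyond the one the advisory title names.

```rust
// Added example (hypothetical, not Vaultwarden's code): a minimal model of the
// SSO "existing-user binding" step, in the vulnerable shape the advisory title
// describes beside a hardened version. Token signature/issuer/audience/nonce
// checks are assumed to have happened before these functions are called.

/// Claims an OpenID Connect IdP asserts about the authenticated subject.
#[derive(Debug, Clone)]
pub struct IdpClaims {
    pub sub: String,
    pub email: String,
    /// Standard OIDC claim: true only if the IdP itself verified this address.
    pub email_verified: bool,
}

#[derive(Debug, Clone)]
pub struct User {
    pub id: u32,
    pub email: String,
    /// IdP subject this local account is bound to, once linked.
    pub sso_subject: Option<String>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Outcome {
    /// Login succeeded as an existing local account.
    Existing(u32),
    /// A fresh local account was created for this identity.
    Created(u32),
    Rejected(&'static str),
}

/// Constructed in-memory user table standing in for the database.
pub struct Store {
    users: Vec<User>,
}

impl Store {
    pub fn new(users: Vec<User>) -> Self {
        Store { users }
    }
    fn by_subject(&self, sub: &str) -> Option<u32> {
        self.users.iter().find(|u| u.sso_subject.as_deref() == Some(sub)).map(|u| u.id)
    }
    fn by_email(&self, email: &str) -> Option<u32> {
        self.users.iter().find(|u| u.email.eq_ignore_ascii_case(email)).map(|u| u.id)
    }
    fn bind(&mut self, id: u32, sub: &str) {
        if let Some(u) = self.users.iter_mut().find(|u| u.id == id) {
            u.sso_subject = Some(sub.to_string());
        }
    }
    fn create(&mut self, email: &str, sub: &str) -> u32 {
        let id = self.users.iter().map(|u| u.id).max().unwrap_or(0) + 1;
        self.users.push(User { id, email: email.to_string(), sso_subject: Some(sub.to_string()) });
        id
    }
}

/// Vulnerable pattern: any IdP subject whose email matches a local account is
/// bound to that account, even when the IdP never verified the address.
pub fn login_vulnerable(store: &mut Store, c: &IdpClaims) -> Outcome {
    if let Some(id) = store.by_subject(&c.sub) {
        return Outcome::Existing(id);
    }
    if let Some(id) = store.by_email(&c.email) {
        store.bind(id, &c.sub); // account takeover: email never verified
        return Outcome::Existing(id);
    }
    Outcome::Created(store.create(&c.email, &c.sub))
}

/// Hardened pattern: email is trusted as an identifier only when the IdP
/// asserts email_verified, and an account already bound to another subject
/// is never re-bound by email.
pub fn login_hardened(store: &mut Store, c: &IdpClaims) -> Outcome {
    if let Some(id) = store.by_subject(&c.sub) {
        return Outcome::Existing(id);
    }
    if !c.email_verified {
        return Outcome::Rejected("IdP did not assert email_verified; refusing to bind by email");
    }
    if let Some(id) = store.by_email(&c.email) {
        let already_bound = store.users.iter().any(|u| u.id == id && u.sso_subject.is_some());
        if already_bound {
            return Outcome::Rejected("account already bound to a different IdP subject");
        }
        store.bind(id, &c.sub);
        return Outcome::Existing(id);
    }
    Outcome::Created(store.create(&c.email, &c.sub))
}

/// Constructed scenario: the victim has a local account with no SSO link; the
/// attacker registers at a lenient IdP with the victim's address and never
/// completes verification.
pub fn victim_store() -> Store {
    Store::new(vec![User { id: 1, email: "victim@example.com".into(), sso_subject: None }])
}

pub fn attacker_claims() -> IdpClaims {
    IdpClaims { sub: "idp|attacker-9f1".into(), email: "victim@example.com".into(), email_verified: false }
}

fn main() {
    let mut s = victim_store();
    println!("vulnerable: {:?}", login_vulnerable(&mut s, &attacker_claims()));
    let mut s = victim_store();
    println!("hardened:   {:?}", login_hardened(&mut s, &attacker_claims()));
}
```

Run as a binary and the vulnerable path reports `Existing(1)` for the attacker's unverified claims, i.e. a login as the victim, while the hardened path returns `Rejected`. Resolving by stable `sub` first, and only then by a verified email, is the ordering that keeps a later email change at the IdP from silently re-pointing an account.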