whatisgithub

What is disclosures?

delphos-labs/disclosures — explained in plain English

Analysis updated 2026-05-18

16CAudience · researcherComplexity · 5/5Setup · hard

In one sentence

This repository is Delphos Labs' public archive of security vulnerability disclosures and proof-of-concept exploit code, currently featuring a Linux kernel privilege escalation bug called DirtyCBC.

Mindmap

mindmap
  root((disclosures))
    What it does
      Publish vulnerabilities
      Share proof of concepts
      Responsible disclosure
    Tech stack
      C
      Linux kernel
    Use cases
      Study kernel bugs
      Learn disclosure practice
      Track new findings
    Audience
      Security researchers
    Notable
      DirtyCBC
      Privilege escalation

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Read a real world Linux kernel privilege escalation writeup and proof of concept

USE CASE 2

Study responsible disclosure practices for reporting security vulnerabilities

USE CASE 3

Reference DirtyCBC as a case study of kernel page cache poisoning bugs

USE CASE 4

Track future disclosures published by Delphos Labs

What is it built with?

CLinux Kernel

How does it compare?

delphos-labs/disclosuresmicheldenizob/hotdsd_gorepatchswival/ds4-m5
Stars161616
LanguageCCC
Setup difficultyhardmoderatehard
Complexity5/52/54/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1day+

Understanding or reproducing the exploit requires kernel level security expertise and a matching test environment.

No single license covers the whole repo, each disclosure directory may carry its own separate license.

So what is it?

disclosures is a public repository from Delphos Labs, a security research group, where they publish vulnerability disclosures and proof-of-concept exploit code for security flaws they have found. It is written mostly in C, matching the kind of low-level exploit code typically needed to demonstrate operating system and kernel level vulnerabilities. As of this writing, the repository lists a single disclosure named DirtyCBC. According to the README, it describes a Linux kernel bug involving page-cache poisoning through a networking component called AF_RXRPC, related to how RxGK handles decryption and message authentication ordering, combined with a memory feature called MSG_SPLICE_PAGES. The stated impact is a local privilege escalation, meaning a regular user on an affected system could potentially gain full root access. The README states that all vulnerabilities listed in the repository were first reported privately to the maintainers of the affected software and were patched before being disclosed publicly here, following standard responsible disclosure practice. The proof-of-concept code is described as intended for defensive validation and security research only, not for use against systems without authorization. This is a small, focused repository rather than a general purpose tool: it functions as an archive of the group's published findings rather than something to install or run as an application. The README is brief and mostly a table of disclosures with dates, so there is limited detail beyond what is summarized here. Licensing is not uniform: the README notes that individual disclosures inside the repository may each carry their own separate license, so anyone reusing the code should check each disclosure's own directory rather than assuming one blanket license applies.

Copy-paste prompts

Prompt 1
Explain in plain terms what the DirtyCBC vulnerability does and why it's dangerous
Prompt 2
Walk me through what AF_RXRPC and MSG_SPLICE_PAGES are and how they relate to this bug
Prompt 3
What is responsible disclosure and how did Delphos Labs follow it here
Prompt 4
Summarize the licensing situation for code in this repository

Frequently asked questions

What is disclosures?

This repository is Delphos Labs' public archive of security vulnerability disclosures and proof-of-concept exploit code, currently featuring a Linux kernel privilege escalation bug called DirtyCBC.

What language is disclosures written in?

Mainly C. The stack also includes C, Linux Kernel.

What license does disclosures use?

No single license covers the whole repo, each disclosure directory may carry its own separate license.

How hard is disclosures to set up?

Setup difficulty is rated hard, with roughly 1day+ to a first successful run.

Who is disclosures for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.