Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings
@Atomics-hub
Atomics-hub
Follow

A5omic Atomics-hub

🦏
YouTube / Twitter / Instagram / TikTok / Spotify: @A5omic

Block or report Atomics-hub

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Atomics-hub /README.md

Tom Ryan

Security researcher and engineer. I find memory-safety and authorization bugs in software people actually run β€” the Linux kernel, V8/Chrome, and the infrastructure that sits in front of everything.

Selected security work

  • 🐧 io_uring SQE_MIXED out-of-bounds read β€” fix merged upstream by Jens Axboe, backported to 6.19-stable
  • 🟦 V8 Maglev uninitialized read β€” fixed by the V8 team, credited on the Chrome VRP panel
  • πŸ”“ Advisories in Vaultwarden (SSO account takeover) and Plane (cross-workspace IDOR), with more in coordinated disclosure
  • β†’ Full ledger: tomryan.dev/security

How I work

The edge is targeting and proof, not volume. I aim AI-driven fuzzers and test harnesses at the specific surfaces that look wrong, then reproduce every promising hit in the target's own compiled code before it reaches a maintainer. When automated scanners flood projects with plausible-but-wrong reports, a reproducible PoC is the bar.

Also

iOS apps under Rekishi LLC Β· writing at tomryan.dev

πŸ“« overboardapps@gmail.com Β· PGP Β· GitHub

Pinned Loading

  1. Linux Kernel io_uring: OOB Read via ... Linux Kernel io_uring: OOB Read via SQE_MIXED + sq_array Physical Index Bypass
    1 
    # Linux Kernel io_uring: Out-of-Bounds Read via SQE_MIXED + sq_array Physical Index Bypass
    2
    3 
    **CVE**: Pending (kernel fix and liburing test both merged)
    4 
    **Affected**: Linux kernels with `IORING_SETUP_SQE_MIXED` (introduced by commit [1cba30bf9fdd](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cba30bf9fdd))
    5 
    **Fix**: [c76e0f1d77f8](https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git/commit/?id=c76e0f1d77f87e258193c2628253782d5ff414c7) β€” merged into `io_uring-7.0` on 2026εΉ΄03月10ζ—₯
  2. V8 Maglev JIT: Uninitialized Specula... V8 Maglev JIT: Uninitialized SpeculationMode in SaveCallSpeculationScope (CL 7651434)
    1 
    // PoC: Uninitialized SpeculationMode in SaveCallSpeculationScope
    2 
    //
    3 
    // Triggers uninitialized read of saved_mode_ in the destructor of
    4 
    // MaglevGraphBuilder::SaveCallSpeculationScope during Maglev JIT compilation.
    5 
    //
  3. CVE-2026-47164 / GHSA-6x5c-84vm-5j56... CVE-2026-47164 / GHSA-6x5c-84vm-5j56 β€” Vaultwarden SSO existing-user binding bypasses IdP email_verified check (HIGH 7.7, fixed in 1.36.0). Independent-reporter writeup.
    1 
    # Vaultwarden SSO existing-user binding skips the IdP `email_verified` check (CVE-2026-47164)
    2
    3 
    **Advisory:** [GHSA-6x5c-84vm-5j56](https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-6x5c-84vm-5j56)
    4 
    **CVE:** CVE-2026-47164
    5 
    **Severity:** HIGH β€” CVSS 7.7 (`AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L`)
  4. slopOS slopOS Public

    A TempleOS-inspired OS built from scratch: own bootloader, kernel, and the SlopC language. 640x480, 16 colors, ring 0, version 6.9 forever.

    C

  5. flowdown flowdown Public

    O(1) streaming markdown renderer for the AI era. Zero dependencies. ~4KB gzipped.

    JavaScript 1

  6. agentk agentk Public

    AgentK is a user-space security kernel for AI agents: an MCP/tool boundary with typed syscalls, taint-aware policy, capability receipts, signed evidence, and replayable flight logs.

    Rust

AltStyle γ«γ‚ˆγ£γ¦ε€‰ζ›γ•γ‚ŒγŸγƒšγƒΌγ‚Έ (->γ‚ͺγƒͺγ‚ΈγƒŠγƒ«) /