CUCTF 2020 Hotrod Kernel Writeup (Userfaultfd Race + Kernel UAF + Timerfd_Ctx Overwrite)
ID: f4ede83e-32b6-5fac-a343-605c9898bfa1
STIX ID: report--f4ede83e-32b6-5fac-a343-605c9898bfa1
Feed Name: Will's Root
This is a detailed CTF writeup for exploiting a vulnerable kernel module (hotrod). The author describes creating a race-induced UAF using userfaultfd to hijack timerfd_ctx function pointers, leaking KASLR via sprayed timerfd structures, and achieving kernel code execution and local privilege escalation by pivoting to userland and using a KPTI/SMEP-aware trampoline.
