{"id":8724,"date":"2025-07-08T14:17:36","date_gmt":"2025-07-08T07:17:36","guid":{"rendered":"https:\/\/galaxyholdings.co\/?p=8724"},"modified":"2025-11-25T13:04:33","modified_gmt":"2025-11-25T06:04:33","slug":"galaxy-dna-cao-ngoc-quy-indentified-a-critical-vulnerability-in-linux-kernel-and-earns-recognition-from-google","status":"publish","type":"post","link":"https:\/\/galaxyholdings.co\/en\/galaxy-dna-cao-ngoc-quy-indentified-a-critical-vulnerability-in-linux-kernel-and-earns-recognition-from-google\/","title":{"rendered":"Galaxy DNA #05: Cao Ng\u1ecdc Qu\u00fd \u2013 Indentified a critical vulnerability in Linux Kernel and earns recognition from Google"},"content":{"rendered":"

A critical vulnerability – CVE-2024-26582<\/strong> – was recently uncovered in the Transport Layer Security (TLS) subsystem of the Linux kernel. This Use-After-Free (UAF)<\/strong> issue, with a CVSS v3.1 base score of 7.8<\/strong>, poses significant risks, including Denial of Service (DoS)<\/strong> and Remote Code Execution (RCE)<\/strong>, which could allow attackers to take control of affected systems. Though major Linux vendors have issued patches, verifying their long-term effectiveness remains a major challenge in today\u2019s fast-evolving security landscape.<\/p>\n

Amid global patching efforts, Cao Ngoc Quy, a Security Engineer at GalaxyOne<\/strong> – a key Business Unit in the Galaxy Holdings Digital Ecosystem, identified a vulnerability in the initial patch itself, a rare and highly valuable discovery in kernel security research. His findings, submitted via GitHub (https:\/\/github.com\/google\/security-research\/pull\/192<\/a>), revealed that the original fix could be bypassed using advanced techniques\u2014a situation often referred to as a \u201cpatch bypass\u201d or “follow-up vulnerability.\u201d<\/p>\n

\"\"<\/p>\n

\n
\n
\n

Cao Ngoc Quy’s discovery doesn’t just stop at identifying a vulnerability – it strengthens a critical layer of protection<\/strong> for millions of Linux systems worldwide. Leading programs like Google\u2019s kCTF (kernel Capture the Flag)<\/strong>, where CVE-2024-26582 was initially discovered, highly encourage and reward such contributions. The primary goal of kCTF is not just to fix isolated issues, but to build better long-term defenses and raise the bar for kernel exploit development.<\/p>\n

\"\"<\/p>\n

\n
\n
\n
<\/div>\n

By identifying a flaw in the patch, Quy has helped ensure that fixes not only address immediate threats but also stand strong against more sophisticated exploitation attempts in the future<\/strong>. His work directly enhances the overall resilience of the Linux kernel, a foundation of many critical global services and infrastructures.<\/p>\n<\/div>\n

<\/div>\n
\n

\"\"<\/p>\n

<\/div>\n

In cybersecurity, discovering vulnerabilities has a profound impact. Proactive testing<\/strong> and vulnerability research <\/strong>are crucial to enabling organizations to update systems promptly, strengthen product security, and protect users worldwide from cyber threats.<\/p>\n

Cao Ngoc Quy\u2019s achievement not only showcases his dedication and deep expertise in cybersecurity but also underscores Galaxy One\u2019s commitment to safeguarding critical systems against increasingly complex threats.<\/p>\n

GalaxyOne, a key Business Unit of the Galaxy Holdings Digital Ecosystem<\/strong>, serves as the dedicated security unit for the Sovico Group. Galaxy One<\/strong>\u2019s cybersecurity services include penetration testing, red teaming, security assessment, SOC as a service, and Cybersecurity Awareness & CyberDrill.<\/p>\n

 <\/p>\n<\/div>\n<\/figure>\n<\/div>\n<\/div>\n

\n
\n
\n\n\n\n
\n

Galaxy DNA<\/b> is a newsletter that highlights our corporate culture and celebrates outstanding employees, sharing a spirit of creativity and recognizing team contributions. Follow Galaxy DNA to meet inspiring individuals \u2013 the people shaping the future of Galaxy Holdings.<\/p>\n

Learn more about Galaxy One<\/strong> \u2013 A provider of Digital Infrastructure:<\/span> https:\/\/galaxyholdings.co<\/b><\/span><\/a><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<\/div>\n<\/div>\n<\/figure>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A critical vulnerability – CVE-2024-26582 – was recently uncovered in the Transport Layer Security (TLS) subsystem of the Linux kernel. This Use-After-Free (UAF) issue, with a CVSS v3.1 base score of 7.8, poses significant risks, including Denial of Service (DoS) and Remote Code Execution (RCE), which could allow attackers to take control of affected systems. […]<\/p>\n","protected":false},"author":5,"featured_media":7407,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[28,34,30],"tags":[],"class_list":["post-8724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-galaxy-dna","category-galaxy-dna-en","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/posts\/8724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/comments?post=8724"}],"version-history":[{"count":4,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/posts\/8724\/revisions"}],"predecessor-version":[{"id":10293,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/posts\/8724\/revisions\/10293"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/media\/7407"}],"wp:attachment":[{"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/media?parent=8724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/categories?post=8724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/galaxyholdings.co\/en\/wp-json\/wp\/v2\/tags?post=8724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}