Today I am releasing the eighth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 02)” I provide a 91-page deep dive and a comprehensive roadmap for vulnerability exploitation:

https://exploitreversing.com/wp-content/uploads/2026/03/exploit_reversing_08.pdf

Key features of this edition:

[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring technique.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.

This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.

I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has been vital in helping me produce this series.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!

Enjoy the read and have an excellent day.

Alexandre Borges
(March 31, 2026)

PS: The videos demonstrating the exploit are below: