This policy covers the WSA x86_64 ReSukiSU fork, especially:
- The x86_64 KPM ELF loader.
- RELA relocation handling.
- Inline hook, function pointer hook and hotpatch backends.
- The Android x86_64
ksud kpmcommand path. - Manager integration that depends on the fork-specific
libksud.so.
Issues in upstream Linux, KernelSU, SukiSU, ReSukiSU or SUSFS that are not specific to this WSA x86_64 fork should be reported to those projects.
Security fixes are targeted at the current main branch and the latest WSA x86_64 KPM release consumed by Ognisty321/WSA-Linux-Kernel. Older local test builds are not supported unless the issue is reproducible on current main.
The KPM loader accepts .kpm objects from privileged ksud kpm callers and from the boot-time /data/adb/kpm autoload directory. A malicious or corrupted .kpm can already execute with kernel privileges if it loads successfully, so the main security boundary is loader and parser correctness before successful registration: malformed ELF input, relocation bounds, hook restore correctness, executable memory permissions and userspace reporting fidelity.
The /data/adb/kpm directory must be a real directory with mode 700. A /data/adb/kpm.disabled marker disables boot-time autoload after a failed autoload attempt or manual recovery action.
Please do not open a public issue for a suspected security bug. Use a private advisory on the repository that contains the affected code:
- ReSukiSU fork: https://github.com/Ognisty321/ReSukiSU/security/advisories/new
- WSA kernel fork: https://github.com/Ognisty321/WSA-Linux-Kernel/security/advisories/new
Include:
- Minimal
.kpmsample or reproduction steps. - Output of
ksud kpm doctor --json. - Output of
ksud kpm audit --jsonafter the attempted load. - Output of
adb shell uname -a. - Relevant
dmesglines. - Kernel config, WSA kernel release tag, kernel SHA256 and ReSukiSU submodule commit.
- WSA package version, Windows build and whether Windows Memory Integrity was on or off.
- Memory corruption, use after free, out of bounds or double free in the KPM loader and hook backend.
- Parser bugs reachable from a crafted
.kpmfile. - Incorrect relocation handling that can redirect execution unexpectedly.
- Hook restore failures that leave kernel text or function pointers in an inconsistent state.
- Userspace command bugs that report success after kernel-side failure.
- Bugs that require an attacker to already have arbitrary kernel write access.
- Phone-vendor Android driver bugs not present in WSA.
- Upstream issues that are not introduced by this fork.
- Reports based only on unsupported ARM64
.kpmbinaries failing to load on x86_64.
Security-sensitive changes should keep these properties intact:
- Failed loads must leave no partially registered KPM module.
- Failed hotpatch commits must roll back earlier writes when rollback is possible.
- Failed unload must keep the module resident instead of freeing executable memory while hooks may still point at it.
/data/adb/kpmmust be a real directory, not a symlink, and should use mode700./data/adb/kpm.disabledmust suppress boot-time autoload until removed.- Diagnostics should expose concrete error codes rather than converting failures into success.