
This upload contains artifacts developed during a research project that was accepted at USENIX Security '25.

Abstract

This paper shows how side-channel leakage in kernel defenses can be exploited to leak the locations of security-critical kernel objects, enabling reliable and stable attacks on the Linux kernel. By systematically analyzing 127 defenses, we show that enabling any of three specific defenses - strict memory permissions, kernel heap virtualization, or stack virtualization - exposes fine-grained TLB contention patterns. These patterns are then combined with kernel allocator massaging to perform location disclosure attacks, revealing the locations of kernel heap objects, page tables, and stacks.

The artifacts demonstrate the timing side channel and the exploit techniques. For both, we provide a kernel module and programs to perform the experiments. For the timing side channel, we leak the location of kernel heap objects (i.e. pipe_buffer, msg_msg, cred, file and seq_file), page tables (all levels) and the kernel stack. While our timing side channel should work on all Intel generations between the 8th and the 14th, we recommend evaluating on Intel 13th generation, as we have mainly evaluated on this one. While our timing side channel should work on Linux kernels between v5.15 and v6.8, we recommend evaluating on the Ubuntu generic kernel v6.8. For the exploit techniques, we perform privilege escalation using the 3 techniques supported by the side channel.

Description

The artifacts contain all distinct experiments and exploits from the paper. Our test environment was mainly the 13th generation Intel i7-1360 running Ubuntu 24.04. The kernel versions were either the generic Ubuntu Linux kernel v6.8 or the kernel v6.6, which was intended to be used for the kernel heap virtualization defense, i.e. SLAB_VIRTUAL [1].

We structure the key artifacts as follows:

Kernel Module
  lkm.c
  include/lkm.h
  include/ulkm.h
  These files contain the kernel module including the user-space interface. This module is used for obtaining the ground truth of the object's location for the side channel, or for granting the initial exploit primitive for the exploit techniques.

Location Disclosure Attacks
  heap
  page-table
  stack
  These folders contain the location disclosure attacks for leaking the location of kernel heap objects, page tables, and the kernel stack.

Exploit Techniques
  attacks
  This folder contains the exploit techniques.

Others
  generic
  include
  These folders contain generic TLB side-channel attacks and headers for the other parts.

[1] https://lore.kernel.org/linux-mm/202309151425.2BE59091@keescook/T/
