Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-39946 PoC — Linux kernel 安全漏洞

Source
https://github.com/farazsth98/exploit-CVE-2025-39946
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2025-39946)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于TLS流未在发现无效记录头时及时中止,可能导致缓冲区溢出。
Description
Exploit for CVE-2025-39946, a bug in the Linux kernel's net/tls subsystem.
Readme
# README

This is an exploit for CVE-2025-39946. It will work on the `lts-6.12.48` kCTF instance (but not 100% reliable).

I wrote a blog post analysing this vulnerability in detail. [Check it out here](https://faith2dxy.xyz/2025-10-02/kCTF-TLS-nday-analysis/)!

# Adapting for other kernel versions

The only modification the exploit should need to work for other kernel versions is a change to the `CORE_PATTERN_OFFSET`. You'll have to get the target kernel's `bzImage`, load the kernel with root privs, and compare `core_pattern`'s address with `_text`'s address in `/proc/kallsyms`.

I don't think any other changes will be necessary to adapt the exploit for other versions.
File Snapshot

 [4.0K]  /data/pocs/587d975541073b8c8d63472d527c6d8cfb312b42
├── [9.8K]  exploit.c
├── [  39]  Makefile
└── [ 679]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.