Related vulnerability

Description
A variant of CVE-2024-58239

Introduction
            # CVE-2025-39682 exploit on kernelCTF mitigation instance
This is also my first (? idk, this is a variant of CVE-2024-58239) 1-day exploit.
Patch: [tls: fix handling of zero-length records on the rx_list](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/tls?id=62708b9452f8eb77513115b17c4f8d1a22ebf843)
This CVE was used in `exp398` and `exp403`. [kernelCTF spreadsheet](https://docs.google.com/spreadsheets/d/e/2PACX-1vS1REdTA29OJftst8xN5B5x8iIUcxuK6bXdzF8G1UXCmRtoNsoQ9MbebdRdFnj6qZ0Yd7LwQfvYC2oF/pubhtml#).
For folder structures and how to run the exploit, refer to my [CVE-2024-58239 repo](https://github.com/khoatran107/cve-2024-58239).
I modified my previous exploit "a little bit", and it works on the same `mitigation-v4-6.6` instance, with a better success rate.
Success rate: 79/100.
Run on kernelCTF instance:

Detailed write-up coming later, for both CVEs.

File snapshot

 [4.0K]  /data/pocs/e42de9d2528bb47581f24221bc3f77a72168f9de
├── [ 723]  calc_AC_rate.py
├── [  81]  compile.sh
├── [4.0K]  exploit
│   └── [4.0K]  mitigation-v4-6.6
│       ├── [954K]  client
│       ├── [9.4K]  client.cpp
│       ├── [3.5K]  exploit.c
│       ├── [ 365]  Makefile
│       ├── [834K]  server
│       ├── [4.6K]  server.cpp
│       ├── [5.4K]  shared.h
│       └── [4.4K]  sprayer.h
├── [  24]  flag
├── [ 588]  local_runner.sh
├── [1.4K]  qemu.sh
├── [ 958]  README.md
├── [2.2K]  script.gdb
├── [4.0K]  shared
│   └── [818K]  exploit
└── [ 483]  test.py
3 directories, 17 files

Notes

1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.