google · st424204 · Oct 14, 2025 · Oct 14, 2025 · Oct 16, 2025 · Oct 16, 2025
diff --git a/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/docs/exploit.md b/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/docs/exploit.md
diff --git a/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/docs/vulnerability.md b/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/docs/vulnerability.md
@@ -0,0 +1,12 @@
+- Requirements:
+	- Capabilities: 
+	- Kernel configuration: CONFIG_CRYPTO_USER_API
+	- User namespaces required: No
+- Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8ff590903d5fc7f5a0a988c38267a3d08e6393a2
+- Fixed by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
+- Affected kernel versions: v2.6.36 - v6.16
+- Affected component: crypto/af_alg
+- Cause:  Out-of-bound access
+- Syscall to disable:
+- URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-39964
+- Description: A Out-of-bound access in the Linux kernel's crypto/af_alg. In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.
diff --git a/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/exploit/cos-121-18867.199.28/Makefile b/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/exploit/cos-121-18867.199.28/Makefile
@@ -0,0 +1,5 @@
+all: exploit
+
+exploit: exploit.c
+	gcc -static-pie -o exploit exploit.c
+
diff --git a/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/exploit/cos-121-18867.199.28/exploit b/pocs/linux/kernelctf/CVE-2025-39964_lts_cos_mitigation/exploit/cos-121-18867.199.28/exploit