Skip to content

add CVE-2025-39682_lts_cos_mitigation#18

Open
d4em0n wants to merge 12 commits into
masterfrom
CVE-2025-39682-lts-cos-mitigation
Open

add CVE-2025-39682_lts_cos_mitigation#18
d4em0n wants to merge 12 commits into
masterfrom
CVE-2025-39682-lts-cos-mitigation

Conversation

@d4em0n

@d4em0n d4em0n commented Sep 22, 2025

Copy link
Copy Markdown
Collaborator

No description provided.

- Remove unused globals (buf2, sprayfd2) and remove unneeded sprayfd
  socket spray that was confirmed unnecessary via remote testing
- Rename variables to descriptive names: pfd→splice_pipe, pfd2→uaf_pipe,
  pfds→page_spray_pipes, addrs→pte_trigger_maps, dummy_serv/cli→aux_client/conn,
  tpfd→victim_pte_pipe_fd, pa→core_pattern_pte, etc.
- Add #define constants with comments for all magic numbers:
  PAGE_SPRAY_PIPE_COUNT, PTE_SPRAY_MAP_COUNT, PTE_MAP_STRIDE, PTE_FLAGS_RW,
  PHYSMAP_ZERO_OFFSET, PHYSMAP_CORE_PATTERN
- Add top-level block comment explaining the full exploit chain
  (page UAF → writable pipe → PTE reclaim → core_pattern write)
- Add numbered step comments throughout main() keyed to kernel function
  names (tls_strp_load_anchor_with_queue, spd_fill_page, get_page, etc.)
- Rename TLS record variables to tls_appdata_record, tls_handshake_record,
  tls_spliced_record for clarity
- All three targets verified working on remote after changes
@d4em0n d4em0n force-pushed the CVE-2025-39682-lts-cos-mitigation branch from 15b82fa to f768b36 Compare February 25, 2026 07:54
Resolves maintainer comment to move the inline Python script from
vulnerability.md into a standalone, runnable .py file.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants