Skip to content

add CVE-2025-40019_lts_cos_mitigation#32

Open
d4em0n wants to merge 3 commits into
masterfrom
CVE-2025-40019_lts_cos_mitigation
Open

add CVE-2025-40019_lts_cos_mitigation#32
d4em0n wants to merge 3 commits into
masterfrom
CVE-2025-40019_lts_cos_mitigation

Conversation

@d4em0n

@d4em0n d4em0n commented Dec 15, 2025

Copy link
Copy Markdown
Collaborator

No description provided.

@d4em0n d4em0n force-pushed the CVE-2025-40019_lts_cos_mitigation branch 2 times, most recently from f80764a to 3393df1 Compare December 15, 2025 06:55
@d4em0n d4em0n force-pushed the CVE-2025-40019_lts_cos_mitigation branch from 3393df1 to 9b07de0 Compare December 15, 2025 07:02
- Rewrite exploit.md with detailed vulnerability description, chained SGL
  technique (first_rsgl → second_rsgl → tsgl), outlen=0 trick, ctl_buf
  spray mechanism, and scatterwalk_ffwd traversal explanation
- Document 0x9c000 (trampoline_pgd) first-pass PTE with link to
  CVE-2023-6560 exploit documentation for reference
- Update exploit.c comments across all targets to match documentation
- Remove unused SO_RCVBUF setsockopt on authenc socket
- Add PAGE_SIZE, SCATTERLIST_OFFS_*, PHYS_ADDR_ALIGN_MASK defines
- Extract create_aead_tfmfd() helper to deduplicate AEAD socket setup
- Make data_buf, unix_sockfd, authenc_opfd local instead of global
- Use named constants instead of magic numbers throughout
- Add clarifying comments for volatile, root_payload, slab ordering
- Remove dead code after while(1) sleep(1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant