Skip to content

kernelctf: add CVE-2025-38248_cos#327

Open
Varde7918 wants to merge 1 commit intogoogle:masterfrom
Varde7918:master
Open

kernelctf: add CVE-2025-38248_cos#327
Varde7918 wants to merge 1 commit intogoogle:masterfrom
Varde7918:master

Conversation

@Varde7918
Copy link

@Varde7918 Varde7918 commented Jan 31, 2026

No description provided.

@Varde7918
kernelctf: add CVE-2025-38248_cos (#1)
f5caa24 
* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos

* kernelctf: add CVE-2025-38248_cos
@google-cla
Copy link

google-cla bot commented Jan 31, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

artmetla
artmetla reviewed Feb 6, 2026
View reviewed changes
pocs/linux/kernelctf/CVE-2025-38248_cos/exploit/cos-121-18867.294.25/exploit.c
@@ -0,0 +1,936 @@
#define _GNU_SOURCE
Copy link
Collaborator

@artmetla artmetla Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to kernelCTF rules (https://google.github.io/security-research/kernelctf/rules.html#kernelxdk-integration) all of the submissions from 2025-10-23 have to use the kernelXDK (Kernel eXploit Development Kit, read more here: xdk.dev) in the Github PR.

artmetla
artmetla reviewed Feb 6, 2026
View reviewed changes
pocs/linux/kernelctf/CVE-2025-38248_cos/docs/vulnerability.md
context is disabled on each port and the port is removed from the global
router port list:

# ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1
Copy link
Collaborator

@artmetla artmetla Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you have another look at Markdown in the file? Right now "#" is interpreted like a header of the document. It's probably worth to use ``` block to enclose "bash" commands in it.

artmetla
artmetla reviewed Feb 6, 2026
View reviewed changes
pocs/linux/kernelctf/CVE-2025-38248_cos/docs/vulnerability.md
@@ -0,0 +1,147 @@
##bridge: mcast: Fix use-after-free during router port configuration
Copy link
Collaborator

@artmetla artmetla Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The file lacks important information, like what are the versions affected, what capabilities (if any) needed to exploit the vuln, what configurations should be enabled etc. Please, check other (already merged exploit PRs) to see the what the file should contain. For example, https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2025-37752_cos/docs/vulnerability.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@artmetla artmetla artmetla left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Varde7918 @artmetla