google · quanggle97 · Feb 25, 2026 · Feb 25, 2026 · Feb 25, 2026 · Feb 26, 2026
diff --git a/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/docs/exploit.md b/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/docs/exploit.md
@@ -0,0 +1,4 @@
+Exploit Details
+===============
+
+Coming soon.
diff --git a/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/docs/vulnerability.md b/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/docs/vulnerability.md
@@ -0,0 +1,20 @@
+# Vulnerability
+
+Uninitialized member scc_index of struct unix_vertex leading to Unix garbage collector misjudged an inflight unix socket as dead.
+
+## Requirements to trigger the vulnerability:
+- Capabilities: No capabilities are required to trigger the vulnerability.
+- Kernel configuration: CONFIG_UNIX are required to trigger this vulnerability.
+- Are user namespaces needed?: No.
+
+## Commit which introduced the vulnerability
+- `https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad081928a8b0`
+
+## Commit which fixed the vulnerability
+- `https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=60e6489f8e3b086bd1130ad4450a2c112e863791`
+
+## Affected component, subsystem
+- Unix socket
+
+## Cause (UAF, BoF, race condition, double free, refcount overflow, etc)
+- UAF
diff --git a/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/exploit/cos-113-18244.521.7/Makefile b/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/exploit/cos-113-18244.521.7/Makefile
@@ -0,0 +1,10 @@
+exploit:
+	g++ -static -Ofast exploit.cc -o exploit -lpthread -lkernelXDK
+
+exploit_debug:
+	g++ -static -Ofast exploit.cc -o exploit_debug -lpthread -lkernelXDK
+
+prerequisites:
+
+run:
+	./exploit
diff --git a/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/exploit/cos-113-18244.521.7/exploit b/pocs/linux/kernelctf/CVE-2025-40214_lts_cos/exploit/cos-113-18244.521.7/exploit