{"uuid": "b67ebc38-0328-41a0-8ef5-3278cdeaca12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37752", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/314", "content": "[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds\n\nGreat article by D3vil about exploiting a type confusion in the network scheduler subsystem and pwning all kernelCTF instances.\n\nAuthor exploited a severely-limited OOB side-effect of the bug to corrupt pipe_inode_info->tmp_page and gain a page UAF read/write primitive. Researcher then swapped the private_data and f_cred fields of a signalfd file structure and overwrote the credentials via signalfd_ctx.", "creation_timestamp": "2025-05-13T20:33:47.000000Z"}