0xlane

2 exploits Active since Mar 2024

CVE-2024-3094 NOMISEC CRITICAL WORKING POC

xz <5.6.0 - Code Injection

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

17 stars

CVSS 10.0

View Code

CVE-2026-31431 NOMISEC HIGH WORKING POC

crypto: algif_aead - Revert to operating out-of-place

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS 7.8

View Code