CVE-2026-23416

EIP tracks 3 public exploits for CVE-2026-23416. PoCs published by adminlove520, XZ1r0, bluedragonsecurity.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-23416, a vulnerability in the Linux kernel's mm/mseal subsystem affecting versions 6.17 through 7.0-rc5. The exploit demonstrates a logic error in mseal_apply() where stale VMA end values lead to incorrect VM_SEALED application, potentially undermining memory protection guarantees.

In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr_end, and then upon iterating to the next VMA updated curr_start to curr_end to advance to the next VMA. However, this doesn't take into account the fact that a VMA might be updated due to a merge by vma_modify_flags(), which can result in curr_end being stale and thus, upon setting curr_start to curr_end, ending up with an incorrect curr_start on the next iteration. Resolve the issue by setting curr_end to vma->vm_end unconditionally to ensure this value remains updated should this occur. While we're here, eliminate this entire class of bug by simply setting const curr_[start/end] to be clamped to the input range and VMAs, which also happens to simplify the logic.