EIP-2026-100075

PRE-CVE

Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100075. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a vulnerability in the ARM perf_event_open() implementation to bypass access_ok() checks by triggering events during KERNEL_DS contexts, allowing arbitrary kernel memory reads. The PoC demonstrates leaking kernel data by manipulating stack frames.

Description

Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosarm

https://www.exploit-db.com/exploits/40182

View Code ZIP pw:eip

This exploit leverages a vulnerability in the ARM perf_event_open() implementation to bypass access_ok() checks by triggering events during KERNEL_DS contexts, allowing arbitrary kernel memory reads. The PoC demonstrates leaking kernel data by manipulating stack frames.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel (ARM/ARM64) < 4.2 (commit b3eac026)

Auth required

Prerequisites: Root access to disable kptr_restrict · ARM-based device with vulnerable kernel

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026