EIP-2026-102643

PRE-CVE

Linux Kernel - 'AF_PACKET' Use-After-Free (1)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102643. PoCs published by SecuriTeam.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for a use-after-free vulnerability in the Linux Kernel's AF_PACKET implementation (CVE-2026-125620). The exploit triggers a race condition between fanout_add and bind operations, leading to a privilege escalation via a use-after-free in the packet socket handling code.

Description

Linux Kernel - 'AF_PACKET' Use-After-Free (1)

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · cdoslinux

https://www.exploit-db.com/exploits/43010

View Code ZIP pw:eip

This is a functional proof-of-concept exploit for a use-after-free vulnerability in the Linux Kernel's AF_PACKET implementation (CVE-2026-125620). The exploit triggers a race condition between fanout_add and bind operations, leading to a privilege escalation via a use-after-free in the packet socket handling code.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux Kernel (versions prior to fix in 4.14-rc2)

No auth needed

Prerequisites: Kernel with AF_PACKET support · KASAN enabled for crash reporting · Unprivileged user namespace access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026