EIP-2026-102644

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102644. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages an integer overflow in the Linux kernel's L2TP PPP sendmsg implementation via the AIO subsystem, leading to kernel heap corruption and potential local privilege escalation on 64-bit systems running older kernel versions (e.g., 3.10, 3.18). The PoC triggers the vulnerability by submitting a crafted IOCB_CMD_PWRITE operation with an excessively large size value.

Description

Linux Kernel - io_submit L2TP sendmsg Integer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdoslinux

https://www.exploit-db.com/exploits/39505

View Code ZIP pw:eip

This exploit leverages an integer overflow in the Linux kernel's L2TP PPP sendmsg implementation via the AIO subsystem, leading to kernel heap corruption and potential local privilege escalation on 64-bit systems running older kernel versions (e.g., 3.10, 3.18). The PoC triggers the vulnerability by submitting a crafted IOCB_CMD_PWRITE operation with an excessively large size value.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel versions 3.10 and 3.18 (64-bit)

No auth needed

Prerequisites: 64-bit system · Linux kernel 3.10 or 3.18 · Unprivileged user access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Linux Kernel - io_submit L2TP sendmsg Integer Overflow

Exploitation Summary

Description

Exploits (1)

Details