Add recent Linux kernel LPEs

2026-05-21 23:22:06 -04:00
commit 49cc6bba60
5 changed files with 60 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,35 @@
+# vulnlab
+
+vulnlab is a collection of version-pinned Vagrant virtual machines, each
+intentionally running software with known vulnerabilities. The goal is to give
+you a reproducible, sandboxed environment for testing proof-of-concept exploits,
+experimenting with mitigations, testing patches, and learning how specific
+vulnerabilities work hands-on.
+
+Each box directory includes a `scratch/` folder for downloading and compiling
+source-based PoCs before Vagrant rsyncs them to `/vagrant` on the guest.
+
+## Quick Start
+
+1.  Change into the vulnerable Vagrant box directory, e.g.,
+
+        cd debian13-20260221.0/
+
+2.  Reset the virtual machine and login
+
+        vagrant destroy -f && vagrant up && vagrant ssh
+
+3.  Exploit
+
+## Boxes
+
+| Directory           | Base Box              | Version    |
+| ------------------- | --------------------- | ---------- |
+| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |
+
+## Vulnerabilities
+
+| CVE            | Name      | CVSS | Type | Box                 | Exploit                                  |
+| -------------- | --------- | ---- | ---- | ------------------- | ---------------------------------------- |
+| CVE-2026-31431 | copyfail  | 7.8  | LPE  | debian13-20260221.0 | [Python PoC](https://copy.fail/#exploit) |
+| CVE-2026-43284 | dirtyfrag | 8.8  | LPE  | debian13-20260221.0 | [C PoC](https://dirtyfrag.io/)           |