Add recent Linux kernel LPEs

.gitignore

@@ -0,0 +1 @@
+*/.vagrant/

LICENSE

@@ -0,0 +1,12 @@
+Copyright (C) 2026 by Kris Lamoureux
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
+FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

README.md

@@ -0,0 +1,35 @@
+# vulnlab
+
+vulnlab is a collection of version-pinned Vagrant virtual machines, each
+intentionally running software with known vulnerabilities. The goal is to give
+you a reproducible, sandboxed environment for testing proof-of-concept exploits,
+experimenting with mitigations, testing patches, and learning how specific
+vulnerabilities work hands-on.
+
+Each box directory includes a `scratch/` folder for downloading and compiling
+source-based PoCs before Vagrant rsyncs them to `/vagrant` on the guest.
+
+## Quick Start
+
+1.  Change into the vulnerable Vagrant box directory, e.g.,
+
+        cd debian13-20260221.0/
+
+2.  Reset the virtual machine and login
+
+        vagrant destroy -f && vagrant up && vagrant ssh
+
+3.  Exploit
+
+## Boxes
+
+| Directory           | Base Box              | Version    |
+| ------------------- | --------------------- | ---------- |
+| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |
+
+## Vulnerabilities
+
+| CVE            | Name      | CVSS | Type | Box                 | Exploit                                  |
+| -------------- | --------- | ---- | ---- | ------------------- | ---------------------------------------- |
+| CVE-2026-31431 | copyfail  | 7.8  | LPE  | debian13-20260221.0 | [Python PoC](https://copy.fail/#exploit) |
+| CVE-2026-43284 | dirtyfrag | 8.8  | LPE  | debian13-20260221.0 | [C PoC](https://dirtyfrag.io/)           |

debian13-20260221.0/Vagrantfile

@@ -0,0 +1,10 @@
+Vagrant.configure("2") do |config|
+  config.vm.box = "krislamo.org/debian13"
+  config.vm.box_version = "20260221.0"
+  config.vm.hostname = "debian13-20260221"
+  config.vm.synced_folder ".", "/vagrant", type: "rsync"
+  config.vm.provision "shell", inline: <<-SHELL
+    rm /etc/sudoers.d/vagrant || exit 1
+    passwd -l root || exit 1
+  SHELL
+end

debian13-20260221.0/scratch/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore