## https://sploitus.com/exploit?id=2CFE0ED8-8947-5416-9FF0-4B6CA997AB7E
# CVE-2025-39866 - use-after-free
**Author: Byte Reaper**
## Description
This POC attempts to exploit the CVE-2025-39866 vulnerability, which is a flaw in Linux systems i_wbāĀ andĀ schedulesĀ theĀ criticalĀ freeĀ viaĀ āwb_put_manyā.
step 3 :
- thread 2 : free wb_olb
- thread 1 -> pointer - free object wb (free old)
-> access free address -> crash kernel (segfault)
```
## Requirements :
```
Linux x86_64
kernel linux < 6.12.16
```
## Build :
```
1 - He created a Makefile and included these commands to compile and build the kernel module:
obj-m += exploit.o
KDIR := /usr/src/linux-headers-6.12.38+kali-amd64
PWD := $(shell pwd)
all:
make -C $(KDIR) M=$(PWD) modules
clean:
make -C $(KDIR) M=$(PWD) clean
```
## Run :
```
# make clean
# make
1 - You will find a file named "exploit.ko," which is a kernel module. To load it into the kernel space, use the insmod tool :
# insmod exploit.ko
```
## References :
- NVD : https://nvd.nist.gov/vuln/detail/CVE-2025-39866
- CVE : https://vulners.com/cve/CVE-2025-39866
## Observation :
- Soon, I will develop an exploit that uses other methods to manipulate the wb struct, such as reducing the refcount or deleting the wb cache from the list cache. I will also add attempts to execute Memory Spraying and attempts to detect leaks or escalate privileges in the system. This is just a proof of concept for the vulnerability.
## License :
MIT