Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add kernelCTF CVE-2023-4622_cos (#81)
* Upload CVE-2023-4622_cos
* Fix offset issue

---------

Co-authored-by: Bing-Jhong Billy Jheng <[email protected]>
Showing 12 changed files with 1,334 additions and 0 deletions.
14 changes: 14 additions & 0 deletions
pocs/linux/kernelctf/CVE-2023-4622_cos/docs/vulnerability.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
- Requirements: | ||
- Capabilites: NA | ||
- Kernel configuration: CONFIG_UNIX=y | ||
- User namespaces required: No | ||
- Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=869e7c62486e | ||
- Fixed by: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c | ||
- Affected Version: v4.2 - v6.4 | ||
- Affected Component: af_unix | ||
- Syscall to disable: splice | ||
- URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4622 | ||
- Cause: Use-After-Free | ||
- Description: A use-after-free vulnerability in the Linux kernel's af_unix. unix_stream_sendpage() tries to add data to the last skb in the peer's | ||
recv queue without locking the queue. So, there is a race where unix_stream_sendpage() could access an skb locklessly that is being | ||
released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. |
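Review bot: The "Fixed by" entry links only the linux-6.1.y stable commit, while "Affected Version" spans v4.2 - v6.4, so a reader on another branch cannot tell from this file whether their tree is patched; add the mainline fix commit next to it, or state which release first contains the fix. "Syscall to disable: splice" is listed, but the Description never says how splice relates to unix_stream_sendpage(); one sentence connecting the two would make the mitigation checkable. Minor: "Capabilites" in the Requirements list should read "Capabilities".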
12 changes: 12 additions & 0 deletions
pocs/linux/kernelctf/CVE-2023-4622_cos/exploit/cos-105-17412.101.42/Makefile
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
exploit: poc root run.sh | ||
tar czf ./poc.tar.gz poc root | ||
cp run.sh exploit | ||
fallocate -l 512 exploit | ||
dd if=poc.tar.gz of=exploit conv=notrunc oflag=append | ||
|
||
poc: poc.c | ||
gcc -o poc poc.c -static -pthread | ||
root: root.c | ||
gcc -o root root.c -static | ||
clean: | ||
rm -rf poc root exploit poc.tar.gz |
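Review bot: In the exploit target, "fallocate -l 512 exploit" pads the copied run.sh to a hard-coded 512 bytes before poc.tar.gz is appended, but nothing checks that run.sh is at most 512 bytes. fallocate does not shrink a larger file, so if the script grows past that size the archive lands at a different offset, and anything that expects it at byte 512 (an assumption, since run.sh is not shown here) fails without a build error. Consider failing the build when run.sh exceeds the pad size, or deriving the offset from the script's actual size. Also, clean is not declared .PHONY, and the built exploit and poc binaries are committed next to the Makefile that produces them, so the checked-in artifacts can drift from poc.c and root.c and cannot be audited from source.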
Binary file added (+953 KB, not shown): pocs/linux/kernelctf/CVE-2023-4622_cos/exploit/cos-105-17412.101.42/exploit
Binary file added (+1.52 MB, not shown): pocs/linux/kernelctf/CVE-2023-4622_cos/exploit/cos-105-17412.101.42/poc