Add kernelCTF CVE-2023-4622_lts (#74)
* Prepare CVE-2023-4622
* Start writing exploit.md
* Exploit arch template
* Add more words to exploit doc
* comment corrupt_msg
* more comments
* Update exploit.md
* Modify exploit to fit reproduce system
* Update exploit.md
* Add "Achieve container escape" section in exploit doc
* Add more comments in exploit code
* Add EntryBleed section and fix Makefile
* Update exploit.md
* Update exploit.md
* Add self timeout
* Update exploit.md
* Update metadata.json
* Update metadata.json
* Update metadata.json
* Add more comments on poc.c for read
* Update poc.c

--------

Co-authored-by: Bing-Jhong Billy Jheng <[email protected]>
Co-authored-by: M Ramdhan <[email protected]>
1 parent 58262d4, commit 1deeb22
Showing 12 changed files with 1,334 additions and 0 deletions.
pocs/linux/kernelctf/CVE-2023-4622_lts/docs/vulnerability.md (14 additions & 0 deletions)
@@ -0,0 +1,14 @@ | ||
- Requirements: | ||
- Capabilites: NA | ||
- Kernel configuration: CONFIG_UNIX=y | ||
- User namespaces required: No | ||
- Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=869e7c62486e | ||
- Fixed by: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c | ||
- Affected Version: v4.2 - v6.4 | ||
- Affected Component: af_unix | ||
- Syscall to disable: splice | ||
- URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4622 | ||
- Cause: Use-After-Free | ||
- Description: A use-after-free vulnerability in the Linux kernel's af_unix. unix_stream_sendpage() tries to add data to the last skb in the peer's | ||
recv queue without locking the queue. So, there is a race where unix_stream_sendpage() could access an skb locklessly that is being | ||
released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. |
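Review bot: "Affected Version: v4.2 - v6.4" and "Fixed by" point in different directions: the fix link is a linux-6.1.y stable commit (790c2f9d15b594350ae9bca7b236f2b1859de02c), so the version line should say which mainline release first carries the fix, or link the mainline commit next to the backport, so a reader can tell whether a 6.1.x LTS kernel newer than the lts-6.1.36 target here is patched. Also, "Capabilites" under Requirements should be "Capabilities", and "Introduced by" uses a 12-character abbreviated hash while "Fixed by" uses the full 40-character one; use one form for both.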
pocs/linux/kernelctf/CVE-2023-4622_lts/exploit/lts-6.1.36/Makefile (12 additions & 0 deletions)
@@ -0,0 +1,12 @@ | ||
exploit: poc root run.sh | ||
tar czf ./poc.tar.gz poc root | ||
cp run.sh exploit | ||
fallocate -l 512 exploit | ||
dd if=poc.tar.gz of=exploit conv=notrunc oflag=append | ||
|
||
poc: poc.c | ||
gcc -o poc poc.c -static -pthread | ||
root: root.c | ||
gcc -o root root.c -static | ||
clean: | ||
rm -rf poc root exploit poc.tar.gz |
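Review bot: the `exploit` recipe silently assumes run.sh is at most 512 bytes: `fallocate -l 512 exploit` only grows the copied script to 512 bytes and never shrinks it, so if run.sh ever exceeds that size the appended poc.tar.gz lands at a different offset and the fixed extraction offset run.sh must rely on no longer matches. Add a guard before the padding, e.g. `test $$(stat -c %s run.sh) -le 512`, or compute the offset instead of hard-coding it, and add a comment stating the 512-byte layout. Minor: `rm -rf` can be `rm -f` since none of the targets is a directory, and `clean` should be declared `.PHONY` so a stray file named `clean` cannot mask it.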