kernelCTF: CVE-2023-6817 mitigation (#83)

pocs/linux/kernelctf/CVE-2023-6817_mitigation/docs/vulnerability.md

@@ -0,0 +1,20 @@
+- Requirements:
+    - Capabilites: CAP_NET_ADMIN
+    - Kernel configuration: CONFIG_NF_TABLES=y
+    - User namespaces required: Yes
+- Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=3c4287f62044a90e73a561aa05fc46e62da173da
+- Fixed by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
+- Affected Version: v5.6 - v6.8
+- Affected Component: netfilter, nftables
+- URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6817
+- Cause: Use-After-Free
+
+A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.
+
+As per the patch commit:
+```
++		if (!nft_set_elem_active(&e->ext, iter->genmask))
++			goto cont;
+```
+
+The nft_pipapo_walk does not verify whether elements are active in the current generation. Multiple callers triggering a walk operation can then re-use elements which were destroyed earlier in the current transaction.

pocs/linux/kernelctf/CVE-2023-6817_mitigation/exploit/mitigation-v3-6.1.55/Makefile

@@ -0,0 +1,6 @@
+
+exploit: exploit.c netlink.c
+	$(CC) -O3 -ggdb -static -Wall -lpthread -o $@ $^
+
+real_exploit: exploit.c netlink.c
+	$(CC) -O3 -ggdb -static -Wall -lpthread -DKASLR_BYPASS_INTEL=1 -o exploit $^