
CVE-2014-9322 PoC — Linux kernel local privilege escalation vulnerability

Source
Associated Vulnerability
Title: Linux kernel local privilege escalation vulnerability (CVE-2014-9322)
Description: Linux kernel is the kernel used by Linux, the open-source operating system released by the Linux Foundation in the United States. The NFSv4 implementation is one of its distributed file system protocols. A security vulnerability exists in the file arch/x86/kernel/entry_64.S in Linux kernel versions before 3.17.5; it stems from the program not correctly handling faults associated with the Stack Segment (SS) register. A local attacker can exploit this vulnerability via the IRET instruction to gain elevated privileges.
Description
CVE-2014-9322 (a.k.a BadIRET) proof of concept for Linux
Readme
# CVE-2014-9322 PoC for Linux kernel
CVE-2014-9322 (a.k.a. BadIRET) proof of concept for the Linux kernel.  
This PoC uses only raw syscalls and no libraries such as pthread; threads are implemented directly with Linux system calls.  
[Raw Linux Threads via System Calls](http://nullprogram.com/blog/2015/05/15/)  

# Usage
```
$ make
```
**badiret.elf** is an ELF executable.  
**badiret.bin** is a raw binary that can be used as payload.  

# Reference
[Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation)](https://blogs.bromium.com/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/)  
File Snapshot

```
[4.0K] /data/pocs/09144409139bd231ebdb67efc213567ca7f7a302
├── [  64] crt0.S
├── [ 736] defines.h
├── [1.7K] exploit.c
├── [ 379] linker.ld
├── [ 781] Makefile
├── [ 640] README.md
├── [ 637] syscall.S
└── [ 717] thread.S

0 directories, 8 files
```