
CVE-2023-46813 PoC — Linux kernel security vulnerability

Source
Associated Vulnerability
Title: Linux kernel security vulnerability (CVE-2023-46813)
Description: The Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel has a security vulnerability: improper access checks in the #VC handler and in the instruction emulation used by the SEV-ES emulation of MMIO accesses can give a user-space process arbitrary write access to kernel memory, which leads to privilege escalation.
Readme
# CVE-2023-46813 PoC

1. Apply the patches in the `host-patches` folder to the Linux host kernel and to QEMU. They add a `KVM_ATTACK` ioctl to KVM and an `attack` command to QEMU that drive the hypervisor side of the attack.
2. Start an SEV-SNP VM on the patched host.
3. Build and run the code in this repo (the Rust program in `src/main.rs`) inside the guest and wait for the message "waiting for the hypervisor to change memory to MMIO".
4. Issue the `attack` command in QEMU repeatedly; it may take several attempts before one of the exploit's pages is affected.
5. Once the exploit detects that the type of some of its memory has been changed to MMIO, it uses the vulnerability to swap out its own credentials with those of the init task.

Successful exploitation will look like this:

![](./screenshot.png)

The exploit does not rely on any absolute kernel addresses or offsets, but it does rely on the relative offsets of fields inside `struct task_struct`. These differ between kernel versions and configurations, so you might have to adjust them; a kernel built with debug info lets you read them off with `pahole -C task_struct vmlinux`.
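Step 5 above only states the outcome. The following is an added model of the access check behind the bug; it is neither the Linux #VC handler nor this repository's code. It assumes a trapping `movs`-style copy with one MMIO operand, a toy guest address space, and two cred pointers standing in for `task_struct` fields (`ES_OK`/`ES_UNSUPPORTED` mirror the kernel's result names; everything else is a stand-in). The unpatched path copies with kernel privileges to a destination taken from user-controlled registers, so a user-mode `#VC` becomes a kernel write; the hardened path has the shape of the upstream fix, which refuses to emulate MMIO at all when the `#VC` came from user mode.

```c
/*
 * Model of the access check at the heart of CVE-2023-46813.
 * Added illustration only: not the Linux #VC handler and not the PoC.
 * Guest memory, instruction decoding and the GHCB exchange are stand-ins
 * so the program runs in ordinary user space.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum es_result { ES_OK = 0, ES_UNSUPPORTED = 1 };

/* Constructed guest layout: low "user" pages, one page the hypervisor has
 * just flipped to MMIO, and a "kernel" region holding the task's creds. */
#define ADDR_SPACE   0x10000u
#define PAGE_SIZE    0x1000u
#define MMIO_PAGE    0x4000u
#define KERNEL_BASE  0x8000u

static uint8_t guest_mem[ADDR_SPACE];

/* Only the relative offsets of these two fields matter, which is why the
 * README says they may need adjusting for a different kernel build. */
struct task_struct_model {
    uint64_t real_cred;
    uint64_t cred;
};
#define CURRENT_TASK_GPA (KERNEL_BASE + 0x100u)   /* assumed location */
#define ORIG_CRED_PTR    0xBEEFu                  /* unprivileged creds */
#define INIT_CRED_PTR    0xCAFEu                  /* init task's creds */

/* What the handler sees: saved registers plus the decoded copy operands. */
struct es_em_ctxt {
    bool     user_cs;   /* true when the #VC was raised at CPL 3 */
    uint64_t rsi;       /* source; user-controlled when user_cs */
    uint64_t rdi;       /* destination; user-controlled when user_cs */
    uint64_t count;     /* bytes to move */
};

static bool user_mode(const struct es_em_ctxt *c) { return c->user_cs; }
static bool is_mmio(uint64_t a) { return a >= MMIO_PAGE && a < MMIO_PAGE + PAGE_SIZE; }

/* The MMIO side of the copy would go through the GHCB to the hypervisor; the
 * model treats the MMIO page as backing memory. The non-MMIO side is written
 * by the handler itself with kernel privileges: an unchecked, user-supplied
 * rdi therefore becomes a write into kernel memory. */
static enum es_result vc_handle_mmio_movs(struct es_em_ctxt *ctxt, bool hardened)
{
    if (hardened && user_mode(ctxt))
        return ES_UNSUPPORTED;   /* shape of the upstream fix: no user-mode MMIO emulation */

    if (!is_mmio(ctxt->rsi) && !is_mmio(ctxt->rdi))
        return ES_UNSUPPORTED;   /* not an MMIO fault at all */
    if (ctxt->rsi + ctxt->count > ADDR_SPACE || ctxt->rdi + ctxt->count > ADDR_SPACE)
        return ES_UNSUPPORTED;   /* keeps the model itself in bounds */

    memmove(&guest_mem[ctxt->rdi], &guest_mem[ctxt->rsi], ctxt->count);
    ctxt->rsi += ctxt->count;
    ctxt->rdi += ctxt->count;
    return ES_OK;
}

/* Current task starts with unprivileged creds in "kernel" memory; the value
 * of init's cred pointer is staged, twice, in the user-visible MMIO page. */
static void reset_guest(void)
{
    struct task_struct_model t = { .real_cred = ORIG_CRED_PTR, .cred = ORIG_CRED_PTR };
    uint64_t init_cred = INIT_CRED_PTR;
    memset(guest_mem, 0, sizeof guest_mem);
    memcpy(&guest_mem[CURRENT_TASK_GPA], &t, sizeof t);
    memcpy(&guest_mem[MMIO_PAGE], &init_cred, sizeof init_cred);
    memcpy(&guest_mem[MMIO_PAGE + 8], &init_cred, sizeof init_cred);
}

static uint64_t current_cred(void)
{
    struct task_struct_model t;
    memcpy(&t, &guest_mem[CURRENT_TASK_GPA], sizeof t);
    return t.cred;
}

/* A user-mode copy of 16 bytes from the MMIO page onto current's cred
 * pointers. Returns the cred pointer afterwards; *res gets the handler result. */
static uint64_t cred_after_user_movs(bool hardened, enum es_result *res)
{
    struct es_em_ctxt ctxt = { .user_cs = true, .rsi = MMIO_PAGE,
                               .rdi = CURRENT_TASK_GPA, .count = 16 };
    enum es_result r;
    reset_guest();
    r = vc_handle_mmio_movs(&ctxt, hardened);
    if (res)
        *res = r;
    return current_cred();
}

int main(void)
{
    enum es_result r;
    uint64_t c = cred_after_user_movs(false, &r);
    printf("unpatched: result=%d cred=%#llx\n", (int)r, (unsigned long long)c);
    c = cred_after_user_movs(true, &r);
    printf("hardened:  result=%d cred=%#llx\n", (int)r, (unsigned long long)c);
    return 0;
}
```

In the unpatched run the handler reports `ES_OK` and the task's cred pointer now equals init's; in the hardened run the handler returns `ES_UNSUPPORTED` before touching memory and the creds are unchanged. The real exploit additionally has to win the hypervisor-driven page-type flip (steps 4 and 5), which the model skips.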
File Snapshot

[4.0K] /data/pocs/0d69360643e8e430d217b02efd21f1922ed72cac
├── [2.2K] Cargo.lock
├── [ 242] Cargo.toml
├── [4.0K] host-patches
│   ├── [4.0K] linux
│   │   └── [3.8K] 0001-add-KVM_ATTACK-ioctl.patch
│   └── [4.0K] qemu
│       └── [4.3K] 0001-add-attack-command.patch
├── [ 699] README.md
├── [ 45K] screenshot.png
└── [4.0K] src
    └── [ 13K] main.rs

4 directories, 7 files