CVE-2020-29661 PoC — Linux kernel resource management error vulnerability

Source
Associated Vulnerability
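Title: Linux kernel resource management error vulnerability (CVE-2020-29661)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). Linux kernel 5.9.13 and earlier versions contain a resource management error vulnerability, which stems from a locking issue discovered in a subsystem. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.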
Description
Using Dirty Pagetable technology to reproduce CVE-2020-29661
Readme
# CVE-2020-29661
Reproduction of the `pid-uaf` vulnerability using the `Dirty Pagetable` method, based on the article [Dirty Pagetable: A Novel Exploitation Technique To Rule Linux Kernel](https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html).

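- CVE-2020-29661.md: vulnerability reproduction report
- backdoor: the file that must be executed by `root` after `error` is triggered
- boot.sh: boot script
- bzImage-5_6: kernel image
- compose.sh: packaging script
- config: kernel build config
- error: the invalid file that needs to be executed
- myexp.c: exploit code
- rootfs.cpio: root filesystem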
File Snapshot

[4.0K] /data/pocs/1b2e9a42595ffc71953cd44c3b2aed21dfc0bd02
├── [ 125] backdoor
├── [ 333] boot.sh
├── [8.6M] bzImage-5_6
├── [ 207] compose.sh
├── [122K] config
├── [ 39K] CVE-2020-29661.md
├── [ 5] error
├── [4.0K] img
│   ├── [ 1] 1
│   ├── [ 57K] 2.png
│   └── [1.3M] 3.png
├── [ 18K] myexp.c
├── [ 530] README.md
└── [ 22M] rootfs.cpio

1 directory, 13 files