Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2008 PoC — Linux kernel 输入验证错误漏洞

Source
https://github.com/bluefrostsecurity/CVE-2023-2008
Associated Vulnerability
Title:Linux kernel 输入验证错误漏洞 (CVE-2023-2008)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于缺乏对用户提供的数据的正确验证,这可能导致内存访问超出数组末尾。攻击者可以利用此漏洞可以提升权限并在内核上下文中执行任意代码。
Description
Proof of concept code for CVE-2023-2008
Readme
# CVE-2023-2008

Proof of concept exploit for CVE-2023-2008, a bug in the udmabuf driver of the 
Linux kernel fixed in 5.19-rc4.

You can find a description of the bug and the exploitation strategy in our [blog post](https://labs.bluefrostsecurity.de/blog/cve-2023-2008.html).

The exploit was tested on a vulnerable Ubuntu 22.04, and it requires access to the `/dev/udmabuf` device. This is only accessible to users in the `kvm` group, so you may need to add your test user to this group when testing the exploit.

To test, simply compile with gcc and run the resulting binary.
File Snapshot

 [4.0K]  /data/pocs/3432b4b1740e35a1e5931ff0a48a18971e47183a
├── [5.3K]  exp.c
└── [ 579]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.