Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27786 PoC — Linux kernel 资源管理错误漏洞

Source
https://github.com/kiks7/CVE-2020-27786-Kernel-Exploit
Associated Vulnerability
Title:Linux kernel 资源管理错误漏洞 (CVE-2020-27786)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在资源管理错误漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
Description
4.9 Kernel Exploit for CVE-2020-27786
Readme
# CVE-2020-27786 Kernel Exploit
## Details
You can find full details and explaination here: https://1day.dev/notes/Linux-Kernel-n-day-exploit-development

## TL;DR
The vulnerability is a Race Condition that causes a write Use-After-Free. The race window has been extended using the userfaultd technique handling page faults from user-space and using msg_msg to leak a kernel address and I/O vectors to obtain a write primitive. With the write primitive, the modprobe_path global variable has been overwritten and a root shell popped.
File Snapshot

 [4.0K]  /data/pocs/3719abc5eb65af0d1b35e4bf0635a8974813f77d
├── [ 17K]  exploit.c
└── [ 534]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.