Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-0582 PoC — Linux kernel 安全漏洞

Source
https://github.com/kuzeyardabulut/CVE-2024-0582
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2024-0582)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于存在内存泄漏问题,允许本地用户导致崩溃或提升权限。
Description
A data-only exploit for CVE-2024-0582
Readme
# CVE-2024-0582 Exploit (PoC)

This repository provides a Proof-of-Concept (PoC) exploit for **CVE-2024-0582**, featuring both **Dirty Cred** and **Dirty Pagetable** attack methods to gain root privilege.

## Description

- **Based on Google Project Zero’s PoC:** This exploits stands out from other PoCs on GitHub because it is heavily based on the PoC described in [a Google Project Zero](https://project-zero.issues.chromium.org/issues/42451653) issue. 
 
- **Additional References:** This exploit drew upon insights from the [Exodus Intelligence blog post](https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/) and [ptrYudai's blog post](https://ptr-yudai.hatenablog.com/entry/2023/12/08/093606).
- **Bug Overview:** *CVE-2024-0582* is rooted in a flaw within the `io_uring` subsystem, allowing unintended access to freed memory pages. 

### Current Exploit Method

1. **Dirty Cred**  
   - Uses an `io_uring` **register/unregister** sequence to trigger Page Use-After-Free.  
   - Grants write access to `/etc/passwd`.  
   - Injects a rogue user entry into `/etc/passwd`.

2. **Dirty Page Method**  
    - Uses an `io_uring` **register/unregister** sequence to trigger *Page Use-After-Free*.  
    - Gain write access to Page Table
    - Injects shellcode to `pivot_root` syscall.

## Adjust the Offset Values  
   Before building, ensure that you have configured the correct offset values for each exploit. Refer to the documentation in:
   - [Dirty Cred](dirty_cred/README.md#determining-the-correct-offset-values)
   - [Dirty Pagetable](dirty_page_table/README.md#determining-the-correct-offset-values)
   
   These offsets may vary depending on your kernel version and environment.

## Disclaimer
This repository and all its contents are for educational and research purposes only. Do not use this exploit on systems you do not own or have explicit permission to test. The author(s) assume no liability for any misuse or damage caused by this material.
File Snapshot

 [4.0K]  /data/pocs/3f0e43fd91caaf066b2679456913ac7054f20b93
├── [4.0K]  dirty_cred
│   ├── [4.0K]  c
│   │   ├── [8.5K]  exploit.c
│   │   └── [1.1K]  Makefile
│   ├── [2.0K]  README.md
│   └── [4.0K]  rust
│       ├── [ 118]  Cargo.toml
│       ├── [1.1K]  Makefile
│       └── [4.0K]  src
│           ├── [5.5K]  main.rs
│           └── [5.9K]  utils.rs
├── [4.0K]  dirty_page_table
│   ├── [4.0K]  c
│   │   ├── [ 10K]  exploit.c
│   │   └── [1.1K]  Makefile
│   └── [5.2K]  README.md
├── [ 273]  KERNEL_COMMIT_INFO
├── [138K]  kernel.conf
├── [1.0K]  LICENSE
├── [2.0K]  README.md
└── [1.2K]  run_qemu.sh

6 directories, 15 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.