Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1805 PoC — Linux kernel‘fs/pipe.c’本地内存损坏漏洞

Source
https://github.com/mobilelinux/iovy_root_research
Associated Vulnerability
Title:Linux kernel‘fs/pipe.c’本地内存损坏漏洞 (CVE-2015-1805)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 3.16之前版本的fs/pipe.c文件中的pipe_read和pipe_write实现过程中存在安全漏洞,该漏洞源于程序没有正确考虑failed __copy_to_user_inatomic和__copy_from_user_inatomic调用的副效应。本地攻击者可借助特制的应用程序利用该漏洞造成拒绝服务(系统崩溃
Description
A root tool based on the [CVE-2015-1805 vulnerability](https://access.redhat.com/security/cve/cve-2015-1805)  It supports 32 and 64bit, get sys call table address via swi.
Readme
Inspired by [dosomder/iovyroot] (https://github.com/dosomder/iovyroot)
A root tool based on the [CVE-2015-1805 vulnerability](https://access.redhat.com/security/cve/cve-2015-1805)

It supports 32 and 64bit, get sys call table address via swi. ref to [Getting sys_call_table on Android](https://www.nowsecure.com/blog/2013/03/13/getting-sys-call-table-on-android/)
File Snapshot

 [4.0K]  /data/pocs/429c63be5b8ee2691a25302ef18d919f5b3807c1
├── [4.0K]  jni
│   ├── [ 843]  Android.mk
│   ├── [  41]  Application.mk
│   ├── [4.0K]  common
│   │   ├── [ 315]  Android.mk
│   │   ├── [1.9K]  exp_sys_call.c
│   │   ├── [ 999]  exp_sys_call.h
│   │   ├── [6.7K]  getroot.c
│   │   ├── [ 337]  getroot.h
│   │   ├── [1.2K]  kallsyms.c
│   │   ├── [ 960]  kallsyms.h
│   │   ├── [1.3K]  log.h
│   │   └── [3.1K]  threadinfo.h
│   ├── [4.0K]  expIov
│   │   ├── [ 325]  Android.mk
│   │   ├── [ 139]  exp_iov.h
│   │   ├── [2.3K]  flex_array.c
│   │   ├── [4.0K]  include
│   │   │   └── [1.5K]  flex_array.h
│   │   └── [6.5K]  iov_exp_main.c
│   └── [ 522]  main.cpp
└── [ 364]  README.md

4 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.