CVE-2021-42008 PoC — Linux kernel 缓冲区错误漏洞

Source

https://github.com/0xdevil/CVE-2021-42008

Associated Vulnerability

Title:Linux kernel 缓冲区错误漏洞 (CVE-2021-42008)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 5.13.13之前版本存在缓冲区错误漏洞，该漏洞源于内核中的drivers/net/hamradio/6pack.c中的decode_data 函数有一个slab越界写入，攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Description

CVE-2021-42008: Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver

Readme

# CVE-2021-42008
CVE-2021-42008: Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver

![img](exploit.gif)

Vulnerability analysis and exploit development: https://syst3mfailure.io/sixpack-slab-out-of-bounds

Exploit designed for:

    Debian 11 - Kernel 5.10.0-8-amd64

File Snapshot


 [4.0K]  /data/pocs/62daa27be2762b3baf3d6a2edd5d32520db3578d
├── [ 14K]  6pack_exploit.c
├── [4.0K]  debug
│   ├── [ 464]  gdb.cmd
│   └── [ 428]  run.sh
├── [ 69K]  exploit.gif
├── [ 34K]  LICENSE
├── [  72]  Makefile
└── [ 282]  README.md

1 directory, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!