LPE exploit for CVE-2023-36802# CVE-2023-36802 Local Privilege Escalation POC
authors: [chompie](https://twitter.com/chompie1337)
For demonstration purposes only. Complete exploit works on vulnerable Windows 11 22H2 systems.
Adapting the exploit to all vulnerable systems is left as an exercise to the reader. Git gud, etc.
Usage:
```
Windows_MSKSSRV_LPE_CVE-2023-6802.exe <pid>
```
where `<pid>` is the process ID (in decimal) of the process to elevate.
Should result in the target process being elevated to SYSTEM
The I/O Ring LPE primitive code is based on the I/ORing R/W [PoC](https://github.com/yardenshafir/IoRingReadWritePrimitive) by [Yarden Shafir](https://twitter.com/yarden_shafir)
Blog post [here](https://securityintelligence.com/posts/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/)
[4.0K] /data/pocs/6645aeb5c0195a73467ba9a33b34c70e361c58d0
├── [ 807] README.md
├── [4.0K] Windows_MSKSSRV_LPE_CVE-2023-36802
│ ├── [ 11K] exploit.c
│ ├── [2.3K] ioring.h
│ ├── [7.6K] ioring_lpe.c
│ ├── [6.1K] windefs.h
│ ├── [6.7K] Windows_MSKSSRV_LPE_CVE-2023-36802.vcxproj
│ └── [1.3K] Windows_MSKSSRV_LPE_CVE-2023-36802.vcxproj.filters
└── [1.5K] Windows_MSKSSRV_LPE_CVE-2023-36802.sln
1 directory, 8 files