Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-52927 PoC — Linux kernel 安全漏洞

Source
https://github.com/seadragnol/CVE-2023-52927
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2023-52927)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于nf_ct_find_expectation函数未移除exp,可能导致在某些场景下创建的ct不会被确认。
Readme
# CVE-2023-52927

LPE exploit for CVE-2023-52927 - a Use-After-Free vulnerability in netfilter.

My write-up of the vulnerability: [CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit](https://seadragnol.github.io/posts/CVE-2023-52927/)

Reproducer: [KASAN trigger poc](./reproducer/)

## Building

Install dependencies:

```text
make prerequisites
```

Build exploit:

```text
make exploit
```

## Target

kCTF cos-109-17800.436.33 machine:

- Kernel image (bzImage): <https://storage.googleapis.com/kernelctf-build/releases/cos-109-17800.436.33/bzImage>
- Kernel image (vmlinux): <https://storage.googleapis.com/kernelctf-build/releases/cos-109-17800.436.33/vmlinux.gz>
- Kernel config: <https://storage.googleapis.com/kernelctf-build/releases/cos-109-17800.436.33/.config>
    - -> derived from COS config: <https://storage.googleapis.com/kernelctf-build/releases/cos-109-17800.436.33/lakitu_defconfig>
- Source code info: <https://storage.googleapis.com/kernelctf-build/releases/cos-109-17800.436.33/COMMIT_INFO>
File Snapshot

 [4.0K]  /data/pocs/7be6e007c7bea01961b5ef78771fc4819fde3ef7
├── [1.5M]  exploit
├── [ 28K]  exploit.c
├── [5.9K]  helpers.c
├── [2.2K]  helpers.h
├── [2.8K]  helpers_nfqueue.c
├── [ 529]  helpers_nfqueue.h
├── [2.0K]  Makefile
├── [1.0K]  README.md
└── [4.0K]  reproducer
    ├── [1.4M]  kasan_trigger_poc
    ├── [ 11K]  kasan_trigger_poc.c
    ├── [ 966]  Makefile
    ├── [ 350]  README.md
    └── [ 65K]  trigger_kasan.png

1 directory, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.