CVE-2022-2588 PoC — Linux kernel 安全漏洞

Source

https://github.com/konoha279/2022-LPE-UAF

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2022-2588)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel route4_change存在安全漏洞，该漏洞源于释放后重用，允许本地有特权的攻击者使系统崩溃，可能导致本地特权升级问题。

Description

CVE-2022-2588,CVE-2022-2586,CVE-2022-2585

Readme

# 2022-LPE-UAF

Untested POC code


Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. The proof-of-concept code is publicly available increasing the likelihood of exploitation in the wild. 

##### Paper on Dirtycred by Zhenpeng
https://zplin.me/papers/DirtyCred-Zhenpeng.pdf

Patches for DirtyCred and the public release of the PoC https://github.com/Markakd/DirtyCred

CVE-2022-2585 - Linux kernel POSIX CPU timer UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/133

CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/131

Linux kernel cls_route UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/132

File Snapshot


 [4.0K]  /data/pocs/9bed31bf969e2bde1a6fc793cdda55d6f321adba
├── [ 977]  CVE-2022-2585.c
├── [5.3K]  CVE-2022-2586.c
├── [5.7K]  CVE-2022-2588.c
└── [ 809]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!