POC详情: b37f7a18e4e69e1f076b2d9f117e0f7dcf8d6a9c

来源
https://github.com/pirenga/2022-LPE-UAF
关联漏洞
标题: Linux kernel 安全漏洞 (CVE-2022-2588)
描述:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel route4_change存在安全漏洞,该漏洞源于释放后重用,允许本地有特权的攻击者使系统崩溃,可能导致本地特权升级问题。
描述
CVE-2022-2588,CVE-2022-2586,CVE-2022-2585
介绍
# 2022-LPE-UAF

Untested POC code


Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. The proof-of-concept code is publicly available increasing the likelihood of exploitation in the wild. 

##### Paper on Dirtycred by Zhenpeng
https://zplin.me/papers/DirtyCred-Zhenpeng.pdf

Patches for DirtyCred and the public release of the PoC https://github.com/Markakd/DirtyCred

CVE-2022-2585 - Linux kernel POSIX CPU timer UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/133

CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/131

Linux kernel cls_route UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/132
文件快照

 [4.0K]  /data/pocs/b37f7a18e4e69e1f076b2d9f117e0f7dcf8d6a9c
├── [ 977]  CVE-2022-2585.c
├── [5.3K]  CVE-2022-2586.c
├── [5.7K]  dirtycred.c
└── [ 809]  README.md

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。