Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-2588 PoC — Linux kernel 安全漏洞

Source
https://github.com/pirenga/2022-LPE-UAF
Associated Vulnerability
Title:Linux kernel 安全漏洞 (CVE-2022-2588)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel route4_change存在安全漏洞,该漏洞源于释放后重用,允许本地有特权的攻击者使系统崩溃,可能导致本地特权升级问题。
Description
CVE-2022-2588,CVE-2022-2586,CVE-2022-2585
Readme
# 2022-LPE-UAF

Untested POC code


Security researchers discovered 3 vulnerabilities in the Linux kernel that could allow a local attacker to elevate privileges and potentially execute malicious code. The proof-of-concept code is publicly available increasing the likelihood of exploitation in the wild. 

##### Paper on Dirtycred by Zhenpeng
https://zplin.me/papers/DirtyCred-Zhenpeng.pdf

Patches for DirtyCred and the public release of the PoC https://github.com/Markakd/DirtyCred

CVE-2022-2585 - Linux kernel POSIX CPU timer UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/133

CVE-2022-2586 - Linux kernel nf_tables cross-table reference UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/131

Linux kernel cls_route UAF 'PoC' code source:
https://seclists.org/oss-sec/2022/q3/132
File Snapshot

 [4.0K]  /data/pocs/b37f7a18e4e69e1f076b2d9f117e0f7dcf8d6a9c
├── [ 977]  CVE-2022-2585.c
├── [5.3K]  CVE-2022-2586.c
├── [5.7K]  dirtycred.c
└── [ 809]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.