CVE-2017-16995 PoC — Linux kernel security vulnerability

Source
Associated Vulnerability
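Title: Linux kernel security vulnerability (CVE-2017-16995)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system released by the Linux Foundation (US). The 'check_alu_op' function in kernel/bpf/verifier.c in Linux kernel 4.14.8 and earlier contains a security vulnerability. A local attacker can exploit it to cause a denial of service (memory corruption).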
Description
👻CVE-2017-16995
Readme
# CVE-2017-16995

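A record of my tinkering with the CVE-2017-16995 vulnerability, along with the related analysis.

(Hoping I can find one myself someday, lol)

## Overview

This vulnerability is an LPE caused by the verifier misjudging a branch during BPF virtual execution.

In principle, it is an integer extension vulnerability.

## Analysis

Trigger	https://ph4ntonn.github.io/CVE-2017-16995-trigger.html

Exploitation	https://ph4ntonn.github.io/CVE-2017-16995-exploit.html

Structure	https://ph4ntonn.github.io/CVE-2017-16995-structure.html

## EXP

Download it [here](https://raw.githubusercontent.com/ph4ntonn/CVE-2017-16995/master/exp.c); please compile it yourself.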
File Snapshot

[4.0K] /data/pocs/bedff683e54e71049d3effd8715749f8615d8d38
├── [7.6K] exp.c
└── [ 551] README.md

0 directories, 2 files