
CVE-2020-8835 PoC — Linux kernel buffer error vulnerability

Source
Associated Vulnerability
Title: Linux kernel buffer error vulnerability (CVE-2020-8835)
Description: Linux kernel is the kernel used by Linux, the open-source operating system released by the Linux Foundation (United States). A security vulnerability exists in Linux kernel 5.5.0 and later. An attacker can exploit this vulnerability to execute arbitrary code on the system.
Readme
# CVE-2020-8835
```
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) 
does not properly restrict the register bounds for 32-bit operations,
leading to out-of-bounds reads and writes in kernel memory. 

This vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7,
as the introducing commit was backported to that branch. 
This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29.

Mitigation for this vulnerability is available by setting the 
'kernel.unprivileged_bpf_disabled' sysctl to '1'.
This disables unprivileged access to the bpf() syscall entirely.

This issue is also mitigated on systems that use secure
boot, because of the kernel lockdown feature which blocks
BPF program loading.
```

## Compile

```console
gcc -o exploit ./exploit.c
```

## Mitigation

##### Ubuntu
```console
$ sudo sysctl kernel.unprivileged_bpf_disabled=1

$ echo kernel.unprivileged_bpf_disabled=1 | \
  sudo tee /etc/sysctl.d/90-CVE-2020-8835.conf
```
##### Redhat
```console
$ sysctl -w kernel.unprivileged_bpf_disabled=1
```
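An added host check (not part of the PoC repository) that turns the README's version ranges and mitigations into something a defender can run: it flags a running kernel inside the affected windows (5.4.7 up to 5.4.29, 5.5.0 up to 5.5.14, 5.6.0 up to 5.6.1), reads the `kernel.unprivileged_bpf_disabled` sysctl, and reports the active lockdown mode. The sysfs path `/sys/kernel/security/lockdown` is assumed; the sysctl and version numbers come from the README.

```shell
# Added example, not part of the PoC repository: report whether a host falls in
# the CVE-2020-8835 exposure window from the README and whether the documented
# sysctl mitigation (kernel.unprivileged_bpf_disabled) is in effect.

# kernel_affected "5.4.0-42-generic" -> exit 0 when the version lies in an
# affected range from the README: 5.4.7..5.4.28, 5.5.0..5.5.13, 5.6.0.
kernel_affected() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # keep leading digits/dots
    maj=${ver%%.*}; rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0                 # bare "5" -> minor 0
    min=${rest%%.*}; pat=${rest#*.}
    [ "$pat" = "$rest" ] && pat=0                  # "5.4" -> patch 0
    [ "$maj" -eq 5 ] 2>/dev/null || return 1
    case "$min" in
        4) [ "$pat" -ge 7 ] && [ "$pat" -lt 29 ] ;;
        5) [ "$pat" -lt 14 ] ;;
        6) [ "$pat" -lt 1 ] ;;
        *) return 1 ;;
    esac
}
# mitigation_status [sysctl-file] -> "enabled" when unprivileged bpf() is
# disabled (non-zero value), "disabled" when still allowed (0), else "unknown".
mitigation_status() {
    f=${1:-/proc/sys/kernel/unprivileged_bpf_disabled}
    val=$(cat "$f" 2>/dev/null || :)
    case "$val" in
        0) echo disabled ;;
        [1-9]*) echo enabled ;;
        *) echo unknown ;;
    esac
}
# lockdown_mode [lockdown-file] -> the active mode (bracketed entry in the
# assumed path /sys/kernel/security/lockdown), or "none" when the file is absent.
lockdown_mode() {
    f=${1:-/sys/kernel/security/lockdown}
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f" 2>/dev/null || :)
    echo "${mode:-none}"
}

# Host report: an affected kernel with unprivileged bpf() still allowed and no
# lockdown is the case the README's sysctl mitigation is meant to close.
main() {
    k=$(uname -r)
    kernel_affected "$k" && echo "kernel $k: in affected range" ||
        echo "kernel $k: outside affected range"
    echo "unprivileged_bpf_disabled: $(mitigation_status)"
    echo "lockdown mode: $(lockdown_mode)"
}
main
```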

File Snapshot

[4.0K] /data/pocs/c5525b6ffa73ceb2b66084ab813dc3a71fed0db1
├── [ 14K] exploit.c
└── [1.0K] README.md

0 directories, 2 files