CVE-2023-0386 PoC — Linux kernel 安全漏洞

Source

https://github.com/puckiestyle/CVE-2023-0386

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2023-0386)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于在 Linux kernel的 OverlayFS 子系统中发现了未经授权访问，用户可以将一个有执行能力的文件从一个 nosuid 挂载复制到另一个挂载，这个 uid 映射错误允许用户升级他们在系统上的权限。

Readme

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

see : https://ubuntu.com/security/CVE-2023-0386

Compile
```bash
make all
```
# Use
Start two terminals and enter in the first terminal
```bash
./fuse ./ovlcap/lower ./gc
```
In the second terminal enter
```bash
./exp
```
# Effect
Privilege escalation

File Snapshot


 [4.0K]  /data/pocs/cc70cf7b5dad2e4fb947c427cf8102556c06744d
├── [3.0K]  exp.c
├── [5.5K]  fuse.c
├── [ 549]  getshell.c
├── [ 150]  Makefile
├── [4.0K]  ovlcap
├── [ 586]  README.md
└── [4.0K]  test
    ├── [ 10K]  fuse_test.c
    ├── [ 16K]  mnt
    └── [1.5K]  mnt.c

2 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!