CVE-2016-5195 PoC: Linux kernel race condition vulnerability

Associated Vulnerability
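Title: Linux kernel race condition vulnerability (CVE-2016-5195)
Description: Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A race condition vulnerability exists in the mm/gup.c file in Linux kernel 2.x through 4.x before 4.8.3. It stems from the program incorrectly handling the copy-on-write (COW) feature when writing to read-only memory mappings. A local attacker can exploit this vulnerability to gain privileges.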
Description
Universal Android root tool based on CVE-2016-5195. Watch this space.
Readme
# cowroot
Universal Android root tool based on CVE-2016-5195. Watch this space.

### Current Status:
  - Only works on 32-bit devices
  - Only able to get root on Cyanogenmod devices, when both getuid() and geteuid() are patched (i.e. bypasses su checks).

I've ported https://gist.github.com/scumjr/17d91f20f73157c722ba2aea702985d2 to Android arm32.

As a proof-of-concept, it patches getuid() and geteuid() in libc to always return 0. Unless there is a su binary like on Cyanogenmod devices, this doesn't do anything useful. vDSO is not patched because many Android kernels do not have it enabled.

In order to get "real" root, I'm going to have to use a different patching strategy.

If I patch a function that is used by an already-privileged process, I should be able to get full control.
File Snapshot

[4.0K] /data/pocs/d1a171334cb2e7577742e9cba8c81b7ae6de8526
├── [ 247] Android.mk
├── [4.4K] cowroot.c
├── [1.0K] LICENSE
├── [ 255] Makefile
└── [ 794] README.md

0 directories, 5 files