CVE-2021-3490 PoC — Linux kernel 缓冲区错误漏洞

Source

https://github.com/pivik271/CVE-2021-3490

Associated Vulnerability

Title:Linux kernel 缓冲区错误漏洞 (CVE-2021-3490)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 存在缓冲区错误漏洞。该漏洞源于发现按位操作（AND，OR和XOR）的eBPF ALU32边界跟踪不会更新32位边界。

Readme

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution.

Compile: `gcc -o pwn pwn.c && gcc -o exploit exploit.c`

File Snapshot


 [4.0K]  /data/pocs/e56a5f6d9c469bcdf28c15645b7410190e7e5ea7
├── [6.5K]  bpf_insn.h
├── [ 11K]  exploit.c
├── [ 158]  pwn.c
└── [ 301]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!