CVE-2022-27666 PoC — Linux kernel 缓冲区错误漏洞

Source

https://github.com/plummm/CVE-2022-27666

Associated Vulnerability

Title:Linux kernel 缓冲区错误漏洞 (CVE-2022-27666)
Description:Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 5.16.15之前版本存在安全漏洞，该漏洞源于net/ipv4/esp4.c 和 net/ipv6/esp6.c 中IPsec ESP 代码存在缓冲区溢出。本地攻击者可利用该漏洞通过覆盖内核堆对象获得特权。

Description

Exploit for CVE-2022-27666

Readme

# CVE-2022-27666

This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10. 

Our preliminary experiment shows this vulnerability affects the latest Ubuntu, Fedora, and Debian. Our exploit was built to attack Ubuntu Desktop 21.10.

Read the full vulnerability disclosure [here](https://etenal.me/archives/1825)

```
./compile.sh
./run.sh
```

File Snapshot


 [4.0K]  /data/pocs/ed9f3d40e62d4cdf8f1d947f0119a97a4141ef3b
├── [ 293]  compile.sh
├── [1.0K]  download_symbol.sh
├── [2.1K]  fuse_evil.c
├── [ 878]  fuse_evil.h
├── [ 182]  get_rooot.c
├── [4.0K]  libfuse
│   ├── [2.5K]  cuse_lowlevel.h
│   ├── [ 27K]  fuse_common.h
│   ├── [ 44K]  fuse.h
│   ├── [ 18K]  fuse_kernel.h
│   ├── [1.9K]  fuse_log.h
│   ├── [ 66K]  fuse_lowlevel.h
│   ├── [7.4K]  fuse_opt.h
│   └── [ 178]  meson.build
├── [1.7M]  libfuse3.a
├── [  75]  myshell.c
├── [ 66K]  poc.c
├── [ 417]  README.md
└── [ 194]  run.sh

1 directory, 18 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!