Giters

SanjayRagavendar / Ubuntu-GameOver-Lay

Escalating Privilege using CVE-2023-2640 CVE-2023-3262

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

UbuntuP-GameOver(Lay)

Using CVE-2023-2640 CVE-2023-3262 to escalate previlege

CVE 2023-2640

https://nvd.nist.gov/vuln/detail/CVE-2023-2640

On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

CVE 2023-32629

https://nvd.nist.gov/vuln/detail/CVE-2023-32629

Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

Vulnerable Kernel version

Ubuntu 6.2.0, 5.19.0 and 5.4.0

Usage

./exp.sh

Running the script in a low privilege will get you root access. Tested on Ubuntu version 5.19.0, 5.4.0 and 6.2.0

Example

image

About

Escalating Privilege using CVE-2023-2640 CVE-2023-3262

Languages

Language:Shell 100.0%