Skip to content

TurtleARM/CVE-2023-0179-PoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
config
config
 
 
exploit.c
exploit.c
 
 
exploit.h
exploit.h
 
 
helpers.c
helpers.c
 
 
helpers.h
helpers.h
 
 
needle.c
needle.c
 
 
run.sh
run.sh
 
 
setup.sh
setup.sh
 
 

Repository files navigation

Needle (CVE-2023-0179) exploit

This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.

The vulnerability details and writeup can be found on oss-security

Building instructions

Just invoke the make needle command to generate the corresponding executable.

libmnl and libnftnl are required for the build to succeed:

sudo apt-get install libmnl-dev libnftnl-dev

Infoleak

The exploit will enter an unprivileged user and network namespace and add an nft_payload expression via the rule_add_payload function which, when evaluated, will trigger the stack buffer overflow and overwrite the registers.

The content is then retrieved with the following nft command:

nft list map netdev mytable myset12

The output will leak several shuffled addresses relative to kernel data structures, among which we find a kernel instruction address and the regs pointer.

LPE

The exploit creates a new user account needle:needle with UID 0 by abusing the modprobe_path variable.

Enjoy root privileges.

Demo

asciicast

Credits

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

215 stars

Watchers

4 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages