CVE-2022-0847 PoC — Linux kernel 安全漏洞

Source

https://github.com/githublihaha/DirtyPIPE-CVE-2022-0847

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2022-0847)
Description:A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Readme

# CVE-2022-0847 POC

> 来源：https://www.exploit-db.com/exploits/50808

1. 编译

   在linux中 `gcc -o dirty dirty.c`编译POC程序

2. 使用

   `./dirty SUID`执行程序。其中，SUID是指具有SUID的程序的路径

   一般可以用 `/usr/bin/passwd`，也就是执行`./dirty /usr/bin/passwd`

   ![image-20220315163100154](README.assets/image-20220315163100154.png)

   可以获取root的shell
   
3. 可以使用`find / -perm /4000`查询具有SUID的程序。

   ![image-20220315164326855](README.assets/image-20220315164326855.png)

   ![image-20220315164346358](README.assets/image-20220315164346358.png)

4. 别忘了删除 `/tmp/sh`

   ![image-20220315165450528](README.assets/image-20220315165450528.png)

File Snapshot


 [4.0K]  /data/pocs/0bd2cc47e5d12aaee27e31083bb7d2dd30301293
├── [7.1K]  dirty.c
├── [4.0K]  README.assets
│   ├── [ 25K]  image-20220315163100154.png
│   ├── [ 19K]  image-20220315164326855.png
│   ├── [ 12K]  image-20220315164346358.png
│   └── [9.3K]  image-20220315165450528.png
└── [ 738]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!