CVE-2024-0582 PoC — Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap

Associated Vulnerability
Title: Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap (CVE-2024-0582)
Description: A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Readme
# PoC for CVE-2024-0582

While learning about the io_uring interface, I decided to create a PoC for [CVE-2024-0582](https://nvd.nist.gov/vuln/detail/CVE-2024-0582). All of this work is derived directly from the CVE information, the [patch](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d) and a few other write-ups related to io_uring -- particularly Chompie's write-up of [CVE-2021-41073](https://chomp.ie/Blog+Posts/Put+an+io_uring+on+it+-+Exploiting+the+Linux+Kernel).

File Snapshot

[4.0K] /data/pocs/213bbf9b7c8ef0a3610efc2c5cfc2e4f64f9953b
├── [ 12M] bzImage
├── [ 234] Makefile
├── [ 543] README.md
├── [ 406] run_dbg.sh
└── [4.0K] work
    ├── [5.6K] exp.c
    ├── [4.0K] include
    │   ├── [4.0K] liburing
    │   │   ├── [2.4K] barrier.h
    │   │   ├── [ 276] compat.h
    │   │   ├── [ 18K] io_uring.h
    │   │   └── [ 164] io_uring_version.h
    │   └── [ 42K] liburing.h
    ├── [172K] liburing.a
    └── [2.6K] test.c

3 directories, 12 files