CVE-2023-1829 PoC — Use-after-free in tcindex (traffic control index filter) in the Linux Kernel

Source
Associated Vulnerability
Title: Use-after-free in tcindex (traffic control index filter) in the Linux Kernel (CVE-2023-1829)
Description: A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
Readme
# CVE-2023-1829

The exploit was tested on the official Ubuntu 22.04 source code, version 5.15.0-25.25.

Install the dependencies for some netlink filter functions:
```bash
sudo apt install libnftnl-dev libmnl-dev
```

Build step:
```bash
make 
```

## References 
- https://github.com/randorisec/CVE-2022-34918-LPE-PoC/tree/main
File Snapshot

[4.0K] /data/pocs/2853599ee98bb3daf74588c76d1aabf8123b0240
├── [4.0K] get_root_src
│   └── [ 227] get_root.c
├── [4.0K] inc
│   ├── [2.5K] cls.h
│   ├── [1.2K] keyring.h
│   ├── [ 918] local_netlink.h
│   ├── [ 209] log.h
│   ├── [ 162] modprobe_path.h
│   ├── [ 889] rtnetlink.h
│   ├── [ 181] setup.h
│   └── [ 699] uring.h
├── [ 467] Makefile
├── [ 316] README.md
└── [4.0K] src
    ├── [ 43K] cls.c
    ├── [3.5K] keyring.c
    ├── [ 13K] local_netlink.c
    ├── [ 851] log.c
    ├── [8.7K] main.c
    ├── [2.6K] modprobe_path.c
    ├── [4.1K] rtnetlink.c
    ├── [1.2K] setup.c
    └── [1.2K] uring.c

3 directories, 20 files