
CVE-2024-0582 PoC — Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap

Associated Vulnerability
Title: Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap (CVE-2024-0582)
Description: A memory leak flaw was found in the Linux kernel's io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap()s it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Description: CVE-2024-0582 exploit
Readme
# CVE-2024-0582 (PoC)

This repository contains a proof of concept for CVE-2024-0582 (page-level use after free in `io_uring`) used for academic research. It includes a kernel configuration, build and run scripts for a reproducible QEMU environment, and the PoC exploit used in my analysis.

> Use this code only in a controlled lab environment. Do not deploy it against systems you do not own or have explicit permission to test.

## Requirements

* Linux host with standard toolchain (gcc, make, etc.)
* QEMU (tested with qemu-system-x86_64)
* liburing development headers

Do not run this against production or third-party systems.

## Notes on the PoC

* The PoC targets a specific, out-of-date LTS kernel version (6.6.2) built with the supplied kernel config. Results will vary on other kernels or configs.
* Exploit reliability depends on system-specific allocator behaviour and kernel configuration. Check `/proc/slabinfo` and relevant kernel settings when reproducing.
* The code is presented for analysis, teaching, and responsible disclosure exercises.
File Snapshot

[4.0K] /data/pocs/3cbf77f0482a76e50f310ff0c7ca3e15d7033cab
├── [4.3K] build_release.sh
├── [ 12M] bzImage
├── [8.4K] exp.c
├── [2.0M] initramfs.cpio.gz
├── [1.0K] lts-6.6.config
├── [1.1K] README.md
└── [ 257] run.sh

1 directory, 7 files