CVE-2024-0582 PoC — Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap

Source

https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

Associated Vulnerability

Title:Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap (CVE-2024-0582)
Description:A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Description

LPE exploit for CVE-2024-0582 (io_uring)

Readme

# io_uring_LPE-CVE-2024-0582
LPE exploit for CVE-2024-0582.

I will not be releasing a write-up for this vulnerability as my method of exploitation is almost the same as for [CVE-2023-2598](https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598).

You can read the exploitation section of my write-up on CVE-2023-2598 to understand this exploit as well: [Conquering the memory through io_uring - Analysis of CVE-2023-2598](https://anatomic.rip/cve-2023-2598/).

If you want to read more about the vulnerability itself, Oriol Castejón ([@foolisses](https://twitter.com/foolisses)) has written an excellent post on it: [Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu](https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/)

## Disclaimer
For educational and research purposes only. Use at your own risk.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!