CVE-2022-3910 PoC — Use after free in IO_uring in the Linux Kernel

Source

https://github.com/TLD1027/CVE-2022-3910

Associated Vulnerability

Title:Use after free in IO_uring in the Linux Kernel (CVE-2022-3910)
Description:Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Description

使用两种不同的角度实现对于CVE-2022-3910的利用

Readme

# CVE-2022-3910

1. dirtycred
   * exp: [t1dpoc](./t1dpoc.c)
   * README.md: [CVE-2022-3910分析-1](./CVE-2022-3910分析-1.md)
2. cross-cache
   * exp: [t1dexp](./t1dexp.c)
   * README.md: [CVE-2022-3910分析-2](./CVE-2022-3910分析-1.md)

File Snapshot


 [4.0K]  /data/pocs/5f12532a222bcb7c37f8f077c7640afb9799b90c
├── [ 342]  boot.sh
├── [ 12M]  bzImage
├── [263K]  config
├── [ 15K]  CVE-2022-3910分析-1.md
├── [ 24K]  CVE-2022-3910分析-2.md
├── [4.0K]  pic
│   ├── [ 69K]  image-1.png
│   ├── [ 21K]  image-2.png
│   ├── [114K]  image-3.png
│   ├── [101K]  image-4.png
│   ├── [593K]  image-5.png
│   └── [   1]  README.md
├── [ 246]  README.md
├── [ 10M]  rootfs.cpio
├── [914K]  t1dexp
├── [ 11K]  t1dexp.c
├── [921K]  t1dpoc
└── [3.0K]  t1dpoc.c

1 directory, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!