
CVE-2017-14954 PoC — Linux kernel information disclosure vulnerability

Associated Vulnerability
Title: Linux kernel information disclosure vulnerability (CVE-2017-14954)
Description: The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Description
LPE on the Linux kernel based on CVE-2017-14954, CVE-2017-18344, CVE-2017-5123
Readme
This repo contains an old PoC that combines three CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123).
The PoC is a Local Privilege Escalation for Linux kernel 4.13 (tested on Ubuntu).

The exploit uses an info leak (CVE-2017-14954) to bypass KASLR, an arbitrary read (CVE-2017-18344) to scan kernel memory for the `struct cred` of the user with uid 1000 (unprivileged), and the buggy `waitid` system call (CVE-2017-5123) to overwrite that uid value with 0 (root).

I'm not the original author of the three exploits, I just combined them as an exercise.