CVE-2022-0847 PoC — Linux kernel 安全漏洞

Source

https://github.com/JlSakuya/CVE-2022-0847-container-escape

Associated Vulnerability

Title:Linux kernel 安全漏洞 (CVE-2022-0847)
Description:A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Description

A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes.

Readme

# CVE-2022-0847
A simple exploit that uses dirtypipe to inject shellcode into runC entrypoint to implement container escapes.

## Usage
Produce base64 encoded shellcode using msf:
```
$ msfvenom -p linux/x64/exec CMD="<command>" -f base64
```

Compile and run in the container, the **overwritten filename** is the bin that runC will execute in the container (such as /bin/sh):
```bash
$ gcc exploit.c -o exploit
$ ./exploit <overwritten filename> <base64 shellcode>
```

Trigger exploit and shellcode outside the container like CVE-2019-5736.

## References
+ [Breaking out of Docker via runC – Explaining CVE-2019-5736](https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736/)
+ [Using the Dirty Pipe Vulnerability to Break Out from Containers](https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/)

File Snapshot


 [4.0K]  /data/pocs/cbe369e3c9cc2ea532c1920a0749f65571b09937
├── [6.4K]  exploit.c
└── [ 878]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!