
CVE-2016-5195 PoC — Linux kernel race condition vulnerability

Associated Vulnerability
Title: Linux kernel race condition vulnerability (CVE-2016-5195)
Description: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Description
Universal Android root tool based on CVE-2016-5195. Watch this space.
Readme
# cowroot
Universal Android root tool based on CVE-2016-5195. Watch this space.

### Current Status:
  - Only works on 32-bit devices
  - Only able to get root on Cyanogenmod devices, when both getuid() and geteuid() are patched (i.e. bypasses su checks).

I've ported https://gist.github.com/scumjr/17d91f20f73157c722ba2aea702985d2 to Android arm32.

As a proof-of-concept, it patches getuid() and geteuid() in libc to always return 0. Unless there is a su binary like on Cyanogenmod devices, this doesn't do anything useful. vDSO is not patched because many Android kernels do not have it enabled.

In order to get "real" root, I'm going to have to use a different patching strategy.

If I patch a function that is used by an already-privileged process, I should be able to get full control.
File Snapshot

[4.0K] /data/pocs/d1a171334cb2e7577742e9cba8c81b7ae6de8526
├── [ 247] Android.mk
├── [4.4K] cowroot.c
├── [1.0K] LICENSE
├── [ 255] Makefile
└── [ 794] README.md

0 directories, 5 files