CVE-2022-32250 PoC: Linux kernel resource management error vulnerability

Source
Associated Vulnerability
Title: Linux kernel resource management error vulnerability (CVE-2022-32250)
Description: net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Readme
# CVE-2022-32250-Linux-Kernel-LPE

## Demo Video

https://www.youtube.com/watch?v=YqmwA6fPjKE

## About
- CVE-2022-32250 allows a local user to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

## Reference
- [Linux Kernel Exploit (CVE-2022-32250) with mqueue](https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/)

## Affected Version
- Linux, before commit 520778042ccca019f3ffa136dd0ca565c486cedd (26 May, 2022)
- Ubuntu <= 22.04 before security patch

## Test Environment & Running

### Test Environment
- Platform
    - Ubuntu 22.04 amd64
- Versions
    - Linux ubuntu 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

### Running
```
gcc exp.c -o exp -l mnl -l nftnl -w
./exp
```

## Warning
- This exploit corrupts Linux kernel slabs, which may cause a kernel panic while it attempts to acquire root privileges.
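The description above gives the two preconditions the bug needs: a kernel in the affected range and a local user who can create user/net namespaces. The following triage script is an added example, not part of the PoC repository or the referenced blog post; it checks both preconditions on a host so an administrator can see whether the usual mitigation (blocking unprivileged user namespaces) is already in place. The sysctl paths `/proc/sys/kernel/unprivileged_userns_clone` and `/proc/sys/user/max_user_namespaces` are an assumption about Debian/Ubuntu kernels, and the version cut-off 5.18.1 is taken from the description.

```shell
#!/bin/sh
# Added triage helper (not the PoC's own code). It checks the two
# preconditions this page states for CVE-2022-32250: a kernel in the
# affected range (mainline through 5.18.1) and a local user who may
# create user namespaces. The sysctl paths are an assumption about
# Debian/Ubuntu kernels; values used in the tests are constructed.

# Strip the distro suffix: "5.15.0-27-generic" -> "5.15.0".
base_version() {
    printf '%s\n' "${1%%-*}"
}

# Turn "MAJOR.MINOR.PATCH" into one integer so versions compare numerically.
version_num() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%d\n' $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# 0 if the release string falls in the range the page lists (<= 5.18.1).
# A distro kernel can carry the backported fix at the same base version
# (the page itself says "before security patch"), so this is an indicator,
# not proof: compare against the vendor advisory as well.
version_in_affected_range() {
    [ "$(version_num "$(base_version "$1")")" -le "$(version_num 5.18.1)" ]
}

# 0 if an unprivileged local user can create user namespaces.
# $1: kernel.unprivileged_userns_clone (Debian/Ubuntu sysctl; "" if absent,
#     which mainline treats as allowed)
# $2: user.max_user_namespaces (0 disables user namespaces entirely)
userns_unprivileged_allowed() {
    clone=$1
    max=$2
    [ "$clone" != "0" ] && [ "${max:-1}" -gt 0 ]
}

# Read a sysctl file, printing an empty line when this kernel lacks it.
read_sysctl() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf '\n'
    fi
}

# Combine both checks: 0 = both preconditions present, 1 = at least one absent.
assess() {
    rel=$1
    clone=$2
    max=$3
    exposed=1
    if version_in_affected_range "$rel"; then
        printf 'kernel %s: within affected version range (verify backported fix)\n' "$rel"
        if userns_unprivileged_allowed "$clone" "$max"; then
            printf 'unprivileged user namespaces: allowed -> precondition present\n'
            exposed=0
        else
            printf 'unprivileged user namespaces: blocked -> precondition removed\n'
        fi
    else
        printf 'kernel %s: outside the affected range\n' "$rel"
    fi
    return $exposed
}

# Run against the live host when executed directly; never abort the shell.
assess "$(uname -r 2>/dev/null || echo 0.0.0)" \
       "$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)" \
       "$(read_sysctl /proc/sys/user/max_user_namespaces)" || :
```

On the test environment named above (5.15.0-27-generic with user namespaces enabled) the script reports both preconditions present; setting `kernel.unprivileged_userns_clone=0` (or `user.max_user_namespaces=0`) flips the second line, which is the configuration change that removes the attack surface while a patched kernel is rolled out.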

## Result
![exp.png](./exp.png)