Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-4543 PoC — Linux kernel 信息泄露漏洞

Source
https://github.com/sunichi/cve-2022-4543-wrapper
Associated Vulnerability
Title:Linux kernel 信息泄露漏洞 (CVE-2022-4543)
Description:A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Readme
# cve-2022-4543-wrapper

## Introduction

This is a wrapper of willsroot's CVE-2022-4543 exploit to help you judge and get kernel base address.

## How to use

### Compile

Base on your demand(Optional):

```bash
gcc dekaslr.c --static -o dekaslr
g++ main.cpp --static -o main
```

For some OS, install static libc first.

### De-KASLR

```bash
./main
[*] Usage: ./binary dekaslr_path entry_SYSCALL_64_offset(in hex) max_loop
```

```bash
$ ./main ./dekaslr 0x100000 200
ffffffffa2600000: 53/200
```

After running both program, it will give you the most frequent address base on your offset.

In practice, the real kernel base address will appear more than 1/4 in total tries. Recommend more than 100 tries.

## References

- https://www.willsroot.io/2022/12/entrybleed.html
- https://access.redhat.com/security/cve/cve-2022-4543
File Snapshot

 [4.0K]  /data/pocs/fb0a46746d12a2756f0bec8d6249a23caaf87540
├── [2.2K]  dekaslr.c
├── [ 34K]  LICENSE
├── [2.0K]  main.cpp
└── [ 831]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →