This repository contains a PoC for local privilege escalation via CVE-2022-1015, a bug in the nf_tables component of the Linux kernel that I found. You can read a detailed analysis of this vulnerability and the exploitation strategy over at my blog.
Right now, the exploit is a bit messy. Sorry!
Kernels after commit 345023b0db31 (v5.12) but before commit 6e1acfa387b9 (v5.17) are vulnerable.
This exploit is extremely unlikely to pop a root shell for a given vulnerable kernel. You will have to experiment with chain hook locations (input vs. output, etc.), nft_bitwise address leak offsets, and ROP gadget and symbol offsets. I tested on 5.16-rc3+ and had to seriously change my exploit for a kernel build compiled with a different gcc version.
That said, with all the information given in my blog post I think altering the exploit for a given vulnerable kernel should be doable.
Run `make`, and a `pwn` executable should pop up in the source dir. You will need the `libnftnl` developer packages, as well as the Linux headers of the target.
You can explicitly specify kernel headers to use with e.g.
This code is distributed under the Beerware license. I am not legally responsible for anything you do with it.