.gitignore | Loading last commit info... | |
LICENSE | ||
Makefile | ||
README.md | ||
crash.c | ||
helpers.c | ||
helpers.h | ||
leak.c | ||
setup.sh |
CVE-2023-0179 PoC
This repository contains the exploit for my recently discovered vulnerability in the nftables subsystem that was assigned CVE-2023-0179, affecting all Linux versions from 5.5 to 6.2-rc3, although the exploit was tested on 6.1.6.
The vulnerability details and writeup can be found on oss-security
Building instructions
Just invoke the make leak
and make crash
commands to generate the corresponding executables.
libmnl
and libnftnl
are required for the build to succeed:
sudo apt-get install libmnl-dev libnftnl-dev
Infoleak
The exploit will enter an unprivileged user and network namespace and add an nft_payload
expression via the rule_add_payload
function which, when evaluated, will trigger the stack buffer overflow and overwrite the registers.
The content is then retrieved with the following nft command:
nft list map netdev mytable myset12
The output will leak several shuffled addresses relative to kernel data structures.
LPE
TODO: for now, the crash binary will just panic the kernel.
Credits
- David Bouman's
libnftnl
implementation and detailed blog post