  • CVE-2022-27666: Exploit esp6 modules in Linux kernel

    This post discloses the exploit of CVE-2022-27666, which achieves local privilege escalation on the latest Ubuntu Desktop. My preliminary experiment shows this vulnerability affects the latest Ubuntu, Fedora, and Debian. Our exploit was built to attack Ubuntu Desktop 21.10.

  • User namespace and kernel capability

    A lot of kernel-reachable code is only available to an already-privileged user. To restrict features for unprivileged users, the kernel generally uses capabilities. Ubuntu enables unprivileged user namespaces by default, which gives kernel exploits more attack surface. Nowadays most kernel modules are guarded by different capabilities, such as CAP_NET_ADMIN and CAP_NET_RAW. To trigger a vulnerability that…

  • Universal heap spraying strategy – userfaultfd + setxattr

    I read a post about a new heap spraying strategy by Vitaly Nikolenko a few weeks ago. It utilizes userfaultfd + setxattr to spray arbitrary-size data on the heap. Since I didn’t find any existing code snippets of this new strategy, I’d like to write a demonstration and share it with the public.

  • [kernel pwn] Reproducing CVE-2017-7184

    A detailed introduction to CVE-2017-7184 and its exploitation

  • Some notes on heap overflow

    This article was assembled from several articles found on the internet; if there are any mistakes, please go easy on me.