kernel-hack

linux kernel 相关资料收集

CVE

LPE

[CVE-2022-32250] https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/

[CVE-2022-2586] https://www.openwall.com/lists/oss-security/2022/08/29/5

[CVE-2022-34918] https://www.randorisec.fr/crack-linux-firewall/

[CVE-2022-2588] https://github.com/Markakd/CVE-2022-2588

[CVE-2022-34918] https://unsafe.sh/go-123167.html

[CVE-2022-0185] https://www.willsroot.io/2022/01/cve-2022-0185.html

SKILL

[DirtyCred] https://www.blackhat.com/us-22/briefings/schedule/index.html#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169

[msg_msg] https://www.willsroot.io/2021/08/corctf-2021-fire-of-salvation-writeup.html

[USMA] https://vul.360.net/archives/391

https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-YongLiu-USMA-Share-Kernel-Code.pdf

[pipe-primitive] https://github.com/veritas501/pipe-primitive

https://veritas501.github.io/2022_03_16-CVE_2022_0185%E5%88%86%E6%9E%90%E5%8F%8A%E5%88%A9%E7%94%A8%E4%B8%8Epipe%E6%96%B0%E5%8E%9F%E8%AF%AD%E6%80%9D%E8%80%83%E4%B8%8E%E5%AE%9E%E8%B7%B5/

CTF

https://smallkirby.hatenablog.com/entry/corjail

https://stdnoerr.github.io/writeup/2022/08/21/eBPF-exploitation-(ft.-D-3CTF-d3bpf).html

https://syst3mfailure.io/corjail

Security

https://grsecurity.net/how_autoslab_changes_the_memory_unsafety_game

https://github.com/thejh/linux/blob/slub-virtual/MITIGATION_README

https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html

https://security.apple.com/blog/towards-the-next-generation-of-xnu-memory-safety/

EXP

以下所有exp和调试环境都在exp目录下可找到

[cve-2022-2588] https://github.com/Markakd/CVE-2022-2588

[cve-2022-0185] https://github.com/Crusaders-of-Rust/CVE-2022-0185

[cve-2022-0847] https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits

[cve-2022-2602] https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit