Skip to content

Freax13/cve-2023-46813-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

host-patches

host-patches

 
 

src

src

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

README.md

README.md

 
 

screenshot.png

screenshot.png

 
 

Repository files navigation

CVE-2023-46813 PoC

  1. Apply the patches in the host-patches folder to the Linux host and QEMU.
  2. Start an SEV-SNP VM.
  3. Run the code in this repo and wait for the message "waiting for the hypervisor to change memory to MMIO".
  4. Spam the attack command in QEMU several times.
  5. Once the exploit detects that the type of some of its memory has been changed to MMIO it will use the vulnerability to swap out its credentials with those of the init tasks.

Successful exploitation will look like this:

The exploit doesn't rely on any absolute kernel offsets but relies on the relative offsets of fields in the struct task_struct type. You might have to adjust those.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages