kuzeyardabulut/CVE-2024-0582

CVE-2024-0582 Exploit (PoC)

This repository provides a Proof-of-Concept (PoC) exploit for CVE-2024-0582, featuring both Dirty Cred and Dirty Pagetable attack methods to gain root privilege.

Description

  • Based on Google Project Zero’s PoC: This exploit stands out from other PoCs on GitHub because it is heavily based on the PoC described in a Google Project Zero issue.

  • Additional References: This exploit drew upon insights from the Exodus Intelligence blog post and ptrYudai's blog post.

  • Bug Overview: CVE-2024-0582 is rooted in a flaw within the io_uring subsystem, allowing unintended access to freed memory pages.

Current Exploit Method

  1. Dirty Cred

    • Uses an io_uring register/unregister sequence to trigger Page Use-After-Free.
    • Grants write access to /etc/passwd.
    • Injects a rogue user entry into /etc/passwd.
  2. Dirty Page Method

    • Uses an io_uring register/unregister sequence to trigger Page Use-After-Free.
    • Gains write access to the page table.
    • Injects shellcode into the pivot_root syscall.
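
The Dirty Cred path above ends with a rogue entry written into /etc/passwd. The following audit script is an added example, not code from this repository: it parses passwd-format text and flags the traces that method leaves (an extra UID 0 account, an empty password field, or a malformed line). The sample file content is constructed for the example.

```python
# Added example (not part of the CVE-2024-0582 PoC repository): audit a passwd
# file for the artefacts a Dirty Cred style /etc/passwd overwrite leaves behind.
import sys
from typing import Dict, List

# Constructed sample; the last line models an injected root-equivalent entry.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
user:x:1000:1000:user:/home/user:/bin/bash
pwned:x:0:0::/root:/bin/sh
"""


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Split passwd-format text into entries; keep malformed lines flagged."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A partially written or truncated line is itself a tamper signal.
            entries.append({"line": str(lineno), "malformed": line})
            continue
        name, pw, uid, gid, _gecos, home, shell = fields
        entries.append({"line": str(lineno), "name": name, "pw": pw, "uid": uid,
                        "gid": gid, "home": home, "shell": shell})
    return entries


def find_rogue_root_entries(text: str, allowed=frozenset({"root"})) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    for e in parse_passwd(text):
        if "malformed" in e:
            findings.append(f"line {e['line']}: malformed entry")
            continue
        if e["uid"] == "0" and e["name"] not in allowed:
            findings.append(f"line {e['line']}: UID 0 account '{e['name']}' (shell {e['shell']})")
        if e["pw"] == "":
            findings.append(f"line {e['line']}: empty password field for '{e['name']}'")
    return findings


if __name__ == "__main__":
    # Usage: python audit_passwd.py [/etc/passwd]; defaults to the built-in sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for finding in find_rogue_root_entries(data) or ["no suspicious entries"]:
        print(finding)
```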

Adjust the Offset Values

Before building, ensure that you have configured the correct offset values for each exploit. Refer to the documentation in:

These offsets may vary depending on your kernel version and environment.

Disclaimer

This repository and all its contents are for educational and research purposes only. Do not use this exploit on systems you do not own or have explicit permission to test. The author(s) assume no liability for any misuse or damage caused by this material.
