- Kernel pwn speedrun. SMAP and SMEP are off.
- The vulnerable module provides stack OOB read and write.
- Leak the kernel base using the OOB read.
- Jump to the shellcode in userspace using the OOB write.
- Call `commit_creds(prepare_kernel_cred(0))`.
- Manually switch back to userspace. Spawn a shell.
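
A defender-side check for the precondition in the first bullet, as an added example that is not part of the original writeup: the jump to userspace shellcode only works with SMEP off, and kernel access to user memory only works with SMAP off, so this reports whether a Linux x86 host has both active. The function names and the mitigation bitmask are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { MIT_SMEP = 1, MIT_SMAP = 2 };

/* True if `word` appears in `s` as a whole whitespace-delimited token,
 * so "smep" does not match inside "nosmep". */
static bool has_token(const char *s, const char *word) {
    size_t n = strlen(word);
    for (const char *p = s; (p = strstr(p, word)) != NULL; p += n) {
        bool start = (p == s) || p[-1] == ' ' || p[-1] == '\t';
        bool end = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (start && end) return true;
    }
    return false;
}

/* Bitmask of mitigations in effect, given the "flags" line from
 * /proc/cpuinfo and the contents of /proc/cmdline. A CPU feature counts
 * only if the flag is present and it was not disabled at boot with
 * nosmep/nosmap (boot parameters accepted by older kernels). */
int active_mitigations(const char *cpu_flags, const char *cmdline) {
    int m = 0;
    if (has_token(cpu_flags, "smep") && !has_token(cmdline, "nosmep")) m |= MIT_SMEP;
    if (has_token(cpu_flags, "smap") && !has_token(cmdline, "nosmap")) m |= MIT_SMAP;
    return m;
}

int main(void) {
    char flags[8192] = "", cmdline[4096] = "", line[8192];
    FILE *f = fopen("/proc/cpuinfo", "r");
    if (f) {
        /* The flags line is repeated per CPU; the first one is enough. */
        while (fgets(line, sizeof line, f))
            if (strncmp(line, "flags", 5) == 0) { strcpy(flags, line); break; }
        fclose(f);
    }
    f = fopen("/proc/cmdline", "r");
    if (f) {
        if (!fgets(cmdline, sizeof cmdline, f)) cmdline[0] = '\0';
        fclose(f);
    }
    int m = active_mitigations(flags, cmdline);
    printf("SMEP: %s\n", (m & MIT_SMEP) ? "on" : "OFF");
    printf("SMAP: %s\n", (m & MIT_SMAP) ? "on" : "OFF");
    return m == (MIT_SMEP | MIT_SMAP) ? 0 : 1; /* non-zero if either is off */
}
```
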
SPD D