• Watch Queue Out of Bounds Write
    Disclosure Date: 2022-03-14
    First seen: 2022-12-23
    This module exploits a vulnerability in the Linux Kernel's watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial of service if multiple failed attemps occur, however this is unlikely. Authors: - Jann Horn - bonfee - bwatters-r7
  • Dirty Pipe Local Privilege Escalation via CVE-2022-0847
    Disclosure Date: 2022-02-20
    First seen: 2022-12-23
    This exploit targets a vulnerability in the Linux kernel since 5.8, that allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the payload, executing it, and then writing the original data back. There are two major limitations of this exploit: the offset cannot be on a page boundary (it needs to write one byte before the offset to add a reference to this page to the pipe), and the write cannot cross a page boundary. This means the payload must be less than the page size (4096 bytes). Authors: - Max Kellermann - timwr
  • Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
    Disclosure Date: 2022-02-07
    First seen: 2022-12-23
    An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access. The issue exists in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Authors: - Arthur Mongodin <amongodin <Arthur Mongodin <amongodin@randorisec.fr> (@_Aleknight_)> - Redouane NIBOUCHA <rniboucha@yahoo.fr>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!