so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer


DirtyCred Remastered: how to turn an UAF into Privilege Escalation

A few weeks ago, @kiks and I started to search for some recent CVEs in order to practice our kernel exploitation skills. We chose CVE-2022-2602 as our target for two reasons:

  • There wasn’t a public exploit yet, only a PoC.
  • It involves io_uring, so it was a good way to learn more about it.

In the end, we were able to create a functional exploit using two different techniques: userfaultfd and inode locking. FUSE exploit coming soon, I’ll update this blog post :)

Go checking out @kiks’ blogpost about the same vulnerability here :) DirtyCred Remastered: how to turn an UAF into Privilege Escalation