- 18 Dec 2022
- EDB-ID
- 36310
- EDB verification
- Passed
- Author
- GOOGLE SECURITY RESEARCH
- Vulnerability type
- LOCAL
- Platform
- LINUX_X86-64
- CVE
- cve-2015-0565
- Publication date
- 2015-03-09
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Code:
Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=283
Full PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36310.tar.gz
This is a proof-of-concept exploit that is able to gain kernel
privileges on machines that are susceptible to the DRAM "rowhammer"
problem. It runs as an unprivileged userland process on x86-64 Linux.
It works by inducing bit flips in page table entries (PTEs).
For development purposes, the exploit program has a test mode in which
it induces a bit flip by writing to /dev/mem. qemu_runner.py will run
the exploit program in test mode in a QEMU VM. It assumes that
"bzImage" (in the current directory) is a Linux kernel image that was
built with /dev/mem enabled (specifically, with the
CONFIG_STRICT_DEVMEM option disabled).
Mark Seaborn
[email protected]
March 2015
- Source
- www.exploit-db.com