Linux_kernel_exploits

This repository collects Linux kernel exploits for various real-world kernel vulnerabilities. More exploits are yet to come.

It contains the exploits developed during a research project, as well as the code of FUZE, a tool that facilitates exploit generation.

what is FUZE

FUZE is a framework to facilitate Linux kernel exploitation. The basic idea of how it works is:

  1. Critical information extraction: we first need to understand both the spatial and temporal metadata of the vulnerability.
  2. Under-context kernel fuzzing: fuzz the kernel from the vulnerable context to find a sensitive operation over the vulnerable object, e.g. dereferencing a dangling pointer.
  3. Partial symbolic execution: after finding the dereference site of the vulnerable object, we start symbolic execution right before that site, marking the bytes of the vulnerable object that we can control as symbolic.

dependency

angr, qemu-system-x86_64, ROPGadget, pwntools, GDB, gef, capstone, KASAN, ftrace

install

To install FUZE, run the following commands:

git clone https://github.com/ww9210/Linux_kernel_exploits
cd Linux_kernel_exploits
python setup.py install --user

documentation

TODO. Currently you can browse the code under fuze/test.

ack

For more details about facilitating Linux kernel exploits, please refer to:

@inproceedings{wei18fuze,
title = {FUZE: Towards facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/wu-0},
publisher = {USENIX Association},
}

Please cite the above article if our code is of help to your work.