mirror of
https://github.com/v12-security/pocs.git
synced 2026-05-26 08:40:48 +00:00
add video
parent
a5c59cf1cc
commit
09e835b587
1 changed files with 5 additions and 3 deletions
|
|
@ -1,5 +1,7 @@
|
|||
# PinTheft
|
||||
|
||||
https://github.com/user-attachments/assets/5d411fb7-24c3-49d6-b8f7-ae73f80300a9
|
||||
|
||||
## Abstract
|
||||
|
||||
PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy
|
||||
|
|
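Review bot: the bare `https://github.com/user-attachments/assets/...` URL added directly under the `# PinTheft` heading has no caption or link text, so a reader gets no indication of what the video shows, and on a mirror that does not embed GitHub attachments it is only an opaque link. Add one line of description above it saying what the recording demonstrates, or move it below the Abstract so the README still opens with the summary.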
@ -7,7 +9,9 @@ double-free that can be turned into a page-cache overwrite through `io_uring`
|
|||
fixed buffers.
|
||||
|
||||
PinTheft was discovered with [V12](https://v12.sh) by Aaron Esau of the
|
||||
[V12 security team](https://x.com/v12sec).
|
||||
[V12 security team](https://x.com/v12sec). We duped on this bug with some other teams
|
||||
and a [patch](https://lore.kernel.org/netdev/20260505234336.2132721-1-achender@kernel.org/) is available
|
||||
so we are releasing our PoC.
|
||||
|
||||
> Want to find issues like this in your own code? Try V12 at [v12.sh](https://v12.sh).
|
||||
|
||||
|
|
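Review bot: in the rewritten credit paragraph, "We duped on this bug with some other teams" is informal shorthand that many readers will not parse, and "a [patch] is available" links to a lore.kernel.org netdev posting without saying whether the fix has been merged or which kernel releases carry it. Suggest wording along the lines of "other teams independently reported the same bug" and stating the patch status next to the link, so readers can tell whether their kernel is fixed before the PoC is relevant to them.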
@ -142,8 +146,6 @@ also handles kernels with `CONFIG_INIT_ON_ALLOC_DEFAULT_ON` by arranging for the
|
|||
target page to be populated after allocator zeroing and after the filesystem
|
||||
fills the page from disk.
|
||||
|
||||
A [patch](https://lore.kernel.org/netdev/20260505234336.2132721-1-achender@kernel.org/) is available.
|
||||
|
||||
Confirmed default exposure is limited by module availability. The required RDS
|
||||
module is default on Arch Linux, but not on most common distribution kernels we
|
||||
checked.
|
||||
|
|
|
|||
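Review bot: dropping "A [patch](...) is available." here leaves the exposure paragraph ("Confirmed default exposure is limited by module availability.") with no pointer to the fix; the only remaining mention is now in the credit paragraph near the top. Readers who land on this section to assess their exposure would benefit from keeping the link here, or from one sentence on how to check whether the RDS module is available on their kernel.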