CVE-2021-4154 exploit
This bug was fix in https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
This exploit works on most pre-patch kernels for:
Please feel free to send a PR to update README if you find it could work on other kernels.
You mention Centos8 kernels higher than linux-4.18.0-305.el8 are vulnerable however I just got the latest c8s iso from the official source and I'm getting this fsconfig: Invalid argument issue.
[sam@centos8 CVE-2021-4154]$ uname -a
Linux centos8 4.18.0-408.el8.x86_64 #1 SMP Mon Jul 18 17:42:52 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[sam@centos8 CVE-2021-4154]$ gcc -pthread -o test exp.c
[sam@centos8 CVE-2021-4154]$ ./test
fsconfig: Invalid argument
[-] failed to write, retry...
fsconfig: Invalid argument
[-] failed to write, retry...Additionally I've just installed Ubuntu 20.04, I get the same error as CentOS8Stream
sam@ubuntu:~/CVE-2021-4154$ uname -a
Linux ubuntu 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
sam@ubuntu:~/CVE-2021-4154$ ./test
fsconfig: Invalid argument
[-] failed to write, retry...
fsconfig: Invalid argument
[-] failed to write, retry...I'd expect it to fail on my labs older ubuntu box, as the kernel is lower than you mention, and the error is slightly different here (fsopen: Function not implemented)
sam@ubuntu:~/CVE-2021-4154$ uname -a
Linux ubuntu 4.15.0-88-generic #88-Ubuntu SMP Tue Feb 11 20:11:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
sam@ubuntu:~/CVE-2021-4154$ ./test
fsopen: Function not implemented
[-] failed to write, retry...Is the error from the CentOS8Stream box stating it's not vulnerable, or that the code is failing somewhere after compilation?
Hii, I wan to try this exploit in android device, but concern is that will it work in Android devices, if so how can we execute this exploit in android and what is configuration needed in android device to execute this exploit?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.