Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-0582

Published: 16/01/2024 Updated: 01/05/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linux Kernel

Vulnerability Summary

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 6.7

linux linux kernel

Vendor Advisories

Red Hat:
Description<!---->A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it This flaw allows a local user to crash or potentially escalate their privileges on the systemA memory leak flaw was found in the Linux kernel’s io_uring ...

Mailing Lists

Full Disclosure: CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy <!--X-Subject-Header-End-- ...

Github Repositories

https://github.com/FoxyProxys/CVE-2024-0582

CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published Bypass latest Kernel User to root ---&gt;Usage python3 CVE-2024-0582py 通过利用错误配置的 setuid/setgid 二进制文件、功能和 sudo 权限,在 unix 系统上自动提升权限。专为 CTF 设计,但也适用于现实世界的渗透测试。✅ 功能 自动利用配置

https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

LPE exploit for CVE-2024-0582 (io_uring)

io_uring_LPE-CVE-2024-0582 LPE exploit for CVE-2024-0582 I will not be releasing a write-up for this vulnerability as my method of exploitation is almost the same as for CVE-2023-2598 You can read the exploitation section of my write-up on CVE-2023-2598 to understand this exploit as well: Conquering the memory through io_uring - Analysis of CVE-2023-2598 If you want to read

https://github.com/Forsaken0129/UltimateLinuxPrivilage

CVE-CVE-2024-0582 latest kernel bypass root updated POC just run python file with root ____________________________________________________________________________________________________________________________________________________________________________________________________ ✅ Features 通过利用错误配置的 setuid/setgid 二进制文件、功能和 sudo 权限

References

CWE-416https://access.redhat.com/security/cve/CVE-2024-0582https://bugs.chromium.org/p/project-zero/issues/detail?id=2504https://bugzilla.redhat.com/show_bug.cgi?id=2254050https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2dhttp://www.openwall.com/lists/oss-security/2024/04/24/3https://nvd.nist.govhttps://github.com/FoxyProxys/CVE-2024-0582https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582https://seclists.org/oss-sec/2024/q2/172https://access.redhat.com/security/cve/cve-2024-0582
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook