Lucene search
K

4 matches found

Metasploit
Metasploit
added 2023/02/01 7:50 p.m.278 views

io_uring Same Type Object Reuse Priv Esc

This module exploits a bug in iouring leading to an additional putcred that can be exploited to hijack credentials of other processes. We spawn SUID programs to get the free'd cred object reallocated by a privileged process and abuse them to create a SUID root binary ourselves that'll pop a shell...

8.8CVSS7.8AI score0.03718EPSS
Exploits4
Metasploit
Metasploit
added 2023/02/01 7:50 p.m.340 views

vmwgfx Driver File Descriptor Handling Priv Esc

If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tries to recover by deallocating the already populated file descriptor. This is wrong, as the fd gets released via putunusedfd which shouldn't be used, as the fd table slot was already populated via the previous call to...

7.8CVSS6.5AI score0.02579EPSS
Exploits3
0day.today
0day.today
added 2023/02/01 12:0 a.m.310 views

io_uring Same Type Object Reuse Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...

8.8CVSS8.8AI score0.03718EPSS
Exploits4
0day.today
0day.today
added 2023/02/01 12:0 a.m.329 views

vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...

7.8CVSS7.1AI score0.02579EPSS
Exploits3
Rows per page
Query Builder