* kernelctf: add CVE-2025-38248_cos
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
pocs/linux/kernelctf/CVE-2025-38248_cos/exploit/cos-121-18867.294.25/exploit.c
artmetla
left a comment
@Varde7918 Please have a look at the comments and introduce necessary changes.
artmetla
left a comment
Hello @Varde7918. Please have another look at the exploit code and check if some extra features of kernelXDK could be utilised.
| char pad_2[16]; /* 224 - 240 */ | ||
| } __attribute__((__aligned__(8))); | ||
|
|
||
| struct net_bridge_port { |
Could you please elaborate on why you need this? When it's added via
st.AddStruct("net_bridge_port", 640, {
{"multicast_ctx", 304, 240},
});
kxdb.AddTarget(st);
| char pad_1[96]; /* 544 - 640 */ | ||
| } __attribute__((__aligned__(8))); | ||
|
|
||
| void craft_fake_net_bridge_port(struct net_bridge_port *p, |
How do you use kernelXDK here?
| sleep(1); | ||
| struct net_bridge_port fake_net_bridge_port; | ||
| struct msg_msg *target_msg_msg = (struct msg_msg *)(GUESSED_MSG_ADDR); | ||
| craft_fake_net_bridge_port(&fake_net_bridge_port, |
Please check target.GetFieldOffset and rely on it to construct the fake object.
| }); | ||
| kxdb.AddTarget(st); | ||
|
|
||
| auto target = kxdb.GetTarget("kernelctf", "cos-121-18867.294.25"); |
You should autodetect the target. In this case it'll run only on cos-121-18867.294.25 as you've added Target st("kernelctf", "cos-121-18867.294.25"); but it's by design.