Proof-of-Concept local root exploit for the double-free in Linux kernel DCCP implementation (CVE-2017-6074): github.com/xairy/kernel-e
3
251
255
Conversation
Replying to
why do you need to run inside a namespace? haven't tried it yet but can't you create dccp sockets as a non-privileged user?
1
Replying to
You can, so namespace support is not technically required to exploit the bug, but it made things easier for two reasons:
Replying to
1: need CAP_SYS_NICE to sched_setaffinity (percpu freelists) and 2: need CAT_NET_RAW to create AF_PACKET sockets (SM*P bypass)
1
2
3
Replying to
Though looking at the code now it seems you only need CAP_SYS_NICE to set affinity of another process lxr.free-electrons.com/source/kernel/
1
Show replies