5月7号,无补丁Linux “通杀” 提权漏洞!(多版本已复现)
(https://linux.do#p-17600716-h-1)漏洞条件几乎覆盖当前所有主流企业级和桌面 Linux 发行版。
漏洞名称内核版本xfrm-ESP Page-Cache Writecommit cac2661c53f3 (2017-01-17) – 最新commitRxRPC Page-Cache Writecommit 2dc334f1a63a (2023-06) – 最新commit
目前已知存在漏洞的发行版版本如下:
序号漏洞版本1Ubuntu 24.04.4: 6.17.0-23-generic2RHEL 10.1: 6.12.0-124.49.1.el10_1.x86_643openSUSE Tumbleweed: 7.0.2-1-default4CentOS Stream 10: 6.12.0-224.el10.x86_645AlmaLinux 10: 6.12.0-124.52.3.el10_1.x86_646Fedora 44: 6.19.14-300.fc44.x86_64
(https://linux.do#p-17600716-h-2)漏洞复现
漏洞复现非常简单 ,首先编译一下 exp-dirty-frag.c
https://cdn3.ldstatic.com/optimized/4X/d/4/a/d4af38981f07ff783ff9dedc142c91ee38f40074_2_690x98.png
然后直接低权限用户登录Linux,执行一下exp脚本即可获取到root权限
https://cdn3.ldstatic.com/optimized/4X/e/f/f/efff8603a81c03f7b147205db492fae61ec07d23_2_690x170.png
POC下载地址:GitHub - V4bel/dirtyfrag · GitHub (https://github.com/V4bel/dirtyfrag/)
页:
[1]