CVE-2004-0415
Linux Kernel - Unauthenticated Memory Exposure via 64-bit File Offset Pointer Conversion
Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0415. PoCs published by Paul Starzetz.

AI-analyzed exploit summary: This exploit leverages a race condition in the Linux kernel's handling of `/proc/mtrr` to achieve arbitrary kernel memory reads. It uses `madvise` and `_llseek` to manipulate file positions and trigger a condition where kernel memory is dumped to a user-controlled file.
Description
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
Exploits (1)