CVE-2015-3256
polkit < 0.113 - Memory Corruption and Denial of Service via JavaScript Rule Evaluation
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-3256. PoCs published by puglia-ryan.
AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2015-3456 (VENOM), demonstrating a crash in QEMU v2.3.0 by flooding the floppy disk controller (FDC) with attacker-controlled bytes. The exploit includes a guest-side C program (`venom-crash.c`) that triggers the vulnerability, along with setup scripts and patching notes.
Description
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."