CVE-2017-14954
MEDIUMLinux Kernel < 4.13.4 - Unauthorized Sensitive Information Exposure via waitid System Call
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-14954. PoCs published by echo-devim.
AI-analyzed exploit summary This repository contains a combined exploit for three Linux kernel CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123) to achieve local privilege escalation on Linux Kernel 4.13. It leverages an info leak to bypass KASLR, arbitrary read to locate the `struct cred`, and a buggy `waitid` syscall to overwrite the UID.
Description
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Exploits (1)
This repository contains a combined exploit for three Linux kernel CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123) to achieve local privilege escalation on Linux Kernel 4.13. It leverages an info leak to bypass KASLR, arbitrary read to locate the `struct cred`, and a buggy `waitid` syscall to overwrite the UID.
References (5)
Scores
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N