exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/45058
This is a Metasploit module for CVE-2017-16995, a Linux kernel BPF sign extension vulnerability allowing local privilege escalation. It compiles and executes an exploit to gain root privileges on vulnerable systems.
Classification
Working Poc 100%
Target:
Linux kernel versions 4.0 to 4.14.11 with BPF support
Auth required
Prerequisites:
Local access to a vulnerable Linux system · BPF support enabled · Unprivileged BPF loading not disabled
exploitdb
WORKING POC
VERIFIED
by rlarabee · c · local · linux
https://www.exploit-db.com/exploits/45010
This is a working privilege escalation exploit for CVE-2017-16995, leveraging eBPF verifier bypass to gain root access on vulnerable Linux kernels. It manipulates kernel memory structures to escalate privileges from an unprivileged user.
Classification
Working Poc 95%
Target:
Linux Kernel (4.4.0-31 to 4.13.0-21, and others)
No auth needed
Prerequisites:
Unprivileged user access · Vulnerable kernel version · eBPF support enabled
exploitdb
WORKING POC
by Bruce Leidl · c · local · linux
https://www.exploit-db.com/exploits/44298
This exploit leverages a BPF (Berkeley Packet Filter) vulnerability (CVE-2017-16995) in the Linux kernel to achieve local privilege escalation by manipulating kernel memory to overwrite the UID of the current process, granting root access.
Classification
Working Poc 100%
Target:
Linux kernel 4.4.0-116-generic (Ubuntu 16.04.4)
No auth needed
Prerequisites:
Local access to the vulnerable system · Kernel version 4.4.0-116-generic or similar with BPF vulnerability
github
WRITEUP
3,480 stars
by qazbnm456 · poc
https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-16995.md
This repository provides a detailed analysis and references for CVE-2017-16995, an eBPF-based local privilege escalation vulnerability in Linux kernels before 4.4.0-116. It includes links to technical writeups, PoC code, and exploit details but does not contain functional exploit code itself.
Classification
Writeup 90%
Target:
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)
No auth needed
Prerequisites:
Local access to the target system · eBPF support in the kernel
github
WRITEUP
14 stars
by xbl3 · poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-16995.md
This repository provides a technical analysis and references for CVE-2017-16995, an eBPF-based local privilege escalation vulnerability in the Linux kernel. It includes links to external writeups and exploit code but does not contain functional exploit code itself.
Classification
Writeup 90%
Target:
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4)
Auth required
Prerequisites:
Local access to the target system · Kernel version < 4.4.0-116
nomisec
WORKING POC
13 stars
by Al1ex · poc
https://github.com/Al1ex/CVE-2017-16995
This is a functional local privilege escalation exploit for CVE-2017-16995, targeting a vulnerability in the eBPF verifier in Linux kernels 4.4 to 4.14 on Ubuntu/Debian. It leverages a maliciously crafted BPF program to achieve arbitrary memory read/write, ultimately modifying the UID to gain root privileges.
Classification
Working Poc 100%
Target:
Linux Kernel 4.4-4.14 (Ubuntu/Debian)
Auth required
Prerequisites:
Local user access · Unpatched Ubuntu/Debian system with vulnerable kernel
nomisec
WORKING POC
2 stars
by ph4ntonn · poc
https://github.com/ph4ntonn/CVE-2017-16995
This is a working exploit for CVE-2017-16995, a local privilege escalation vulnerability in the Linux kernel's BPF verifier. The exploit leverages an integer overflow to bypass verifier checks and achieve arbitrary read/write in kernel memory, ultimately escalating privileges to root.
Classification
Working Poc 95%
Target:
Linux kernel versions before 4.9.75, 4.14.12, and 4.4.110
No auth needed
Prerequisites:
Linux kernel with vulnerable BPF verifier · Compilation environment for the exploit code
nomisec
WORKING POC
1 star
by littlebin404 · poc
https://github.com/littlebin404/CVE-2017-16995
This is a working local privilege escalation (LPE) exploit for CVE-2017-16995, targeting a vulnerability in the eBPF verifier in the Linux kernel. The exploit manipulates the eBPF verifier to achieve arbitrary memory read/write, ultimately modifying the UID to gain root privileges.
Classification
Working Poc 100%
Target:
Linux kernel (Ubuntu 16.04.1~16.04.4)
No auth needed
Prerequisites:
Access to a vulnerable Linux kernel (Ubuntu 16.04.1~16.04.4) · Local user access
nomisec
WORKING POC
1 star
by vnik5287 · poc
https://github.com/vnik5287/CVE-2017-16995
This is a working privilege escalation exploit for CVE-2017-16995, targeting a vulnerability in the Linux kernel's eBPF verifier. It leverages a stack overflow to overwrite kernel memory and escalate privileges to root.
Classification
Working Poc 100%
Target:
Linux kernel 4.4.0-116-generic (Ubuntu 16.04.4)
No auth needed
Prerequisites:
Access to a vulnerable Linux kernel version · Ability to compile and execute C code on the target system
nomisec
WORKING POC
1 star
by senyuuri · poc
https://github.com/senyuuri/cve-2017-16995
This is a functional local privilege escalation exploit for CVE-2017-16995, targeting a vulnerability in the Linux kernel's BPF (Berkeley Packet Filter) implementation. The exploit manipulates kernel memory to escalate privileges to root by overwriting the UID of the current process.
Classification
Working Poc 100%
Target:
Linux kernel 4.4.0-116-generic
No auth needed
Prerequisites:
Access to a vulnerable Linux kernel (4.4.0-116-generic) · Local user access
nomisec
WORKING POC
1 star
by gugronnier · poc
https://github.com/gugronnier/CVE-2017-16995
This is a functional privilege escalation exploit for CVE-2017-16995, targeting a vulnerability in the Linux kernel's eBPF verifier. It manipulates kernel memory to escalate privileges to root by overwriting the UID of the current process.
Classification
Working Poc 100%
Target:
Linux kernel 4.4.0-31-generic and 4.4.0-116-generic (Ubuntu 16.04)
No auth needed
Prerequisites:
Access to a vulnerable Linux kernel version · Ability to compile and execute C code on the target system
github
WORKING POC
by Andyyyyuan · python · poc
https://github.com/Andyyyyuan/CVE-Poc/tree/main/CVE-2017-16995
This repository contains a functional exploit for CVE-2017-16995, a local privilege escalation vulnerability in the Linux kernel's eBPF verifier. The exploit leverages a crafted BPF program to achieve arbitrary memory read/write, ultimately escalating privileges to root.
Classification
Working Poc 100%
Target:
Linux Kernel 4.4.0-116-generic (Ubuntu 16.04.4 LTS)
No auth needed
Prerequisites:
Linux kernel version 4.4.0-116-generic · eBPF support enabled · unprivileged user access
nomisec
WORKING POC
by xxxTectationxxx · poc
https://github.com/xxxTectationxxx/CVE-2017-16995
This repository contains two functional privilege escalation exploits for CVE-2017-16995, targeting a vulnerability in the eBPF verifier in Linux kernels. Both exploits leverage eBPF to achieve arbitrary read/write in kernel memory, ultimately modifying the cred structure to gain root privileges.
Classification
Working Poc 95%
Target:
Linux kernel versions 4.4.0-116-generic and others (Ubuntu 16.04, Fedora 27)
No auth needed
Prerequisites:
Access to a vulnerable Linux kernel with eBPF support · Ability to compile and execute C code on the target system
nomisec
WORKING POC
by ZhiQiAnSecFork · poc
https://github.com/ZhiQiAnSecFork/cve-2017-16995
This is a functional exploit for CVE-2017-16995, leveraging eBPF verifier bypass to achieve local privilege escalation on vulnerable Linux kernels. It manipulates kernel memory to escalate privileges to root by patching the cred structure.
Classification
Working Poc 100%
Target:
Linux Kernel (4.4.0-31 to 4.13.0-21, and others)
No auth needed
Prerequisites:
Vulnerable Linux kernel version · Local user access
nomisec
WORKING POC
by anldori · poc
https://github.com/anldori/CVE-2017-16995
This is a functional exploit for CVE-2017-16995, a Linux kernel vulnerability in the eBPF verifier. It bypasses security checks to achieve local privilege escalation by manipulating kernel memory structures.
Classification
Working Poc 95%
Target:
Linux Kernel (4.4.0-31 to 4.13.0-21, and others)
No auth needed
Prerequisites:
Linux kernel with vulnerable eBPF verifier · Unprivileged user access
nomisec
WORKING POC
by fei9747 · poc
https://github.com/fei9747/CVE-2017-16995
This is a functional local privilege escalation (LPE) exploit for CVE-2017-16995, targeting a vulnerability in the eBPF verifier in Linux kernels 4.4 to 4.14 on Ubuntu/Debian. The exploit manipulates the eBPF verifier to achieve arbitrary memory read/write, ultimately modifying the UID of the current process to gain root privileges.
Classification
Working Poc 100%
Target:
Linux Kernel 4.4-4.14 (Ubuntu/Debian)
No auth needed
Prerequisites:
Access to a vulnerable Ubuntu/Debian system with kernel versions 4.4 to 4.14 · Compilation tools (gcc) to build the exploit
nomisec
WORKING POC
by ivilpez · poc
https://github.com/ivilpez/cve-2017-16995.c
This repository contains a PoC for CVE-2017-16995, a local privilege escalation vulnerability in the Linux kernel's USB subsystem. The provided compile script builds three binaries likely used to exploit the double-free vulnerability.
Classification
Working Poc 90%
Target:
Linux kernel < 4.13.8
Auth required
Prerequisites:
Local access to the target system · Compilation environment with gcc and pkg-config
nomisec
WORKING POC
by Lumindu · poc
https://github.com/Lumindu/CVE-2017-16995-Linux-Kernel---BPF-Sign-Extension-Local-Privilege-Escalation-
This exploit leverages a sign extension vulnerability in the Linux kernel's BPF verifier (CVE-2017-16995) to achieve local privilege escalation. It manipulates BPF maps and socket filters to read/write arbitrary kernel memory, ultimately overwriting the current process's UID to gain root privileges.
Classification
Working Poc 95%
Target:
Linux Kernel (versions 4.4 to 4.14)
No auth needed
Prerequisites:
Local access to a vulnerable Linux system · BPF syscall support enabled · Kernel version 4.4 to 4.14
nomisec
WORKING POC
by C0dak · poc
https://github.com/C0dak/CVE-2017-16995
This is a working privilege escalation exploit for CVE-2017-16995, targeting a vulnerability in the eBPF verifier in Linux kernels 4.4 to 4.14. The exploit manipulates the eBPF verifier to achieve arbitrary memory read/write, ultimately modifying the UID of the current process to gain root privileges.
Classification
Working Poc 100%
Target:
Linux Kernel 4.4 to 4.14 (Ubuntu/Debian)
No auth needed
Prerequisites:
Linux kernel version 4.4 to 4.14 · eBPF support enabled · Non-privileged user access
metasploit
WORKING POC
GREAT
by Jann Horn, bleidl, vnik, rlarabee, h00die, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb
This Metasploit module exploits CVE-2017-16995, a Linux kernel BPF verifier vulnerability allowing local privilege escalation via incorrect sign extension in the `check_alu_op` function. It bypasses the verifier to achieve arbitrary kernel read/write, tested on multiple Linux distributions.
Classification
Working Poc 100%
Target:
Linux kernel < 4.14.8 with BPF support
No auth needed
Prerequisites:
Unprivileged BPF access enabled · BPF syscall support in kernel · x86_64 architecture