CVE-2017-7308

HIGH

AF_PACKET packet_set_ring Privilege Escalation

Title source: metasploit

Exploitation Summary

EIP tracks 6 public exploits for CVE-2017-7308. PoCs have been published by Metasploit, Andrey Konovalov and bcoles, including the Metasploit module exploits/linux/local/af_packet_packet_set_ring_priv_esc.

AI-analyzed exploit summary: This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function (CVE-2017-7308) in the Linux kernel to achieve local privilege escalation. It targets Ubuntu Xenial kernels 4.8.0 < 4.8.0-46 and includes bypasses for SMEP, SMAP, and KASLR.

Description

The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · linux
https://www.exploit-db.com/exploits/44654

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function (CVE-2017-7308) in the Linux kernel to achieve local privilege escalation. It targets Ubuntu Xenial kernels 4.8.0 < 4.8.0-46 and includes bypasses for SMEP, SMAP, and KASLR.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel versions 4.8.0-34 to 4.8.0-45 (Ubuntu Xenial)
No auth needed
Prerequisites: Unprivileged user namespaces enabled · Two or more CPU cores · GCC for live compilation (optional)
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC VERIFIED
by Andrey Konovalov · c · local · linux
https://www.exploit-db.com/exploits/41994

This is a local privilege escalation exploit for CVE-2017-7308, targeting a use-after-free vulnerability in the Linux kernel's packet socket implementation. It includes KASLR bypass and SMEP/SMAP bypass techniques to achieve root privileges on vulnerable systems.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 4.8.0-41-generic (Ubuntu)
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Kernel version 4.8.0-41-generic or similar
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
by bcoles · c · local · linux
https://www.exploit-db.com/exploits/47168

This is a local privilege escalation exploit for CVE-2017-7308, targeting Linux kernels 4.8.0-34 to 4.8.0-45. It bypasses SMEP and SMAP protections to achieve root access by manipulating packet socket structures and kernel memory.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel versions 4.8.0-34 to 4.8.0-45
No auth needed
Prerequisites: Local access to the target system · Kernel version within the specified range
devstral-2 · analyzed Feb 16, 2026
github WORKING POC 8 stars
by codecat007 · c · poc
https://github.com/codecat007/cvehub/tree/main/android/kernel/EXP-CVE-2017-7308

This repository contains a functional local root exploit for CVE-2017-7308, targeting a vulnerability in the AF_PACKET sockets implementation in the Linux kernel. The exploit includes a SMEP & SMAP bypass and has been tested on Ubuntu kernel 4.8.0-41-generic.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel (AF_PACKET sockets implementation)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2017-7308
devstral-2 · analyzed Feb 27, 2026
nomisec WORKING POC
by anldori · poc
https://github.com/anldori/CVE-2017-7308

This is a local privilege escalation exploit for CVE-2017-7308, targeting a use-after-free vulnerability in the Linux kernel's packet socket implementation. It includes KASLR bypass and SMEP/SMAP bypass techniques to achieve root privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 4.8.0-41-generic (Ubuntu)
Auth required
Prerequisites: Local user access · Kernel version 4.8.0-41-generic or similar vulnerable version
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC GOOD
by Andrey Konovalov, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb

This Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function (CVE-2017-7308) to achieve local privilege escalation on vulnerable Linux kernels. It includes bypasses for SMEP, SMAP, and KASLR, and targets Ubuntu Xenial kernels 4.8.0 < 4.8.0-46.

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel versions 4.8.0-34 to 4.8.0-45 (Ubuntu Xenial)
No auth needed
Prerequisites: Unprivileged user namespaces enabled · Two or more CPU cores · Vulnerable kernel version
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1308
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97234
Third Party Advisory x_refsource_confirm
https://patchwork.ozlabs.org/patch/744812/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41994/
Third Party Advisory x_refsource_confirm
https://patchwork.ozlabs.org/patch/744813/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44654/
Third Party Advisory x_refsource_confirm
https://patchwork.ozlabs.org/patch/744811/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1298
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1297

Scores

CVSS v3 7.8
EPSS 0.8700
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-681, CWE-787
Status published
Products (1)
linux/linux_kernel 2.6.27 - 3.2.89
Published Mar 29, 2017
Tracked Since Feb 18, 2026