CVE-2020-12242

HIGH

Valve Source - Local Privilege Escalation via /tmp/hl2_relaunch File Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12242. PoCs published by 0xEmma.

AI-analyzed exploit summary This exploit leverages CVE-2020-12242 to achieve arbitrary code execution on macOS by injecting a payload into the '/tmp/hl2_relaunch' file, which is then executed by the Source Engine. The exploit is straightforward and requires user interaction to input the command.

Description

Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.

Exploits (1)

exploitdb WORKING POC

by 0xEmma · textlocalmacos

https://www.exploit-db.com/exploits/48387

View Code ZIP pw:eip

This exploit leverages CVE-2020-12242 to achieve arbitrary code execution on macOS by injecting a payload into the '/tmp/hl2_relaunch' file, which is then executed by the Source Engine. The exploit is straightforward and requires user interaction to input the command.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Source Engine (CS:GO BuildID: 4937372, TF2 BuildID: 4871679, Garry's Mod BuildID: 4803834, Half Life 2 BuildID: 4233302)

No auth needed

Prerequisites: macOS environment · Write access to '/tmp/hl2_relaunch' · Source Engine game execution context

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://0xem.ma/cve/2020/04/28/Source-hl2-relaunch-exec.html

Scores

CVSS v3 7.8

EPSS 0.0109

EPSS Percentile 61.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

valvesoftware/source

Published Apr 27, 2020

Tracked Since Feb 18, 2026