CVE-2024-0582

HIGH EXPLOITED

Linux Kernel 6.4-6.6.4 - Use-After-Free in io_uring Buffer Ring Registration

Exploitation Summary

CVE-2024-0582 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 9 public exploits from researchers including ysanatomic, geniuszly, and kuzeyardabulut.

AI-analyzed exploit summary: This repository contains a functional local privilege escalation (LPE) exploit for CVE-2024-0582, leveraging an io_uring vulnerability in the Linux kernel. The exploit manipulates socket structures to achieve arbitrary kernel memory read/write, bypassing KASLR and ultimately escalating privileges.

Description

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Exploits (9)

nomisec WORKING POC 101 stars
by ysanatomic · local
https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2024-0582, leveraging an io_uring vulnerability in the Linux kernel. The exploit manipulates socket structures to achieve arbitrary kernel memory read/write, bypassing KASLR and ultimately escalating privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (specific versions affected by CVE-2024-0582)
No auth needed
Prerequisites: Linux system with vulnerable kernel · io_uring support enabled · unprivileged user access
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 13 stars
by geniuszly · local
https://github.com/geniuszly/CVE-2024-0582

This repository contains a functional exploit PoC for CVE-2024-0582, leveraging io_uring buffer manipulation to achieve privilege escalation via memory corruption and KASLR bypass. The code includes detailed setup for io_uring, socket manipulation, and memory dumping to locate and exploit kernel structures.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (io_uring subsystem)
No auth needed
Prerequisites: Linux kernel with vulnerable io_uring implementation · Ability to execute code on the target system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 10 stars
by kuzeyardabulut · local
https://github.com/kuzeyardabulut/CVE-2024-0582

This repository contains a functional Proof-of-Concept (PoC) exploit for CVE-2024-0582, leveraging the Dirty Cred and Dirty Pagetable attack methods to achieve local privilege escalation (LPE) by exploiting a use-after-free vulnerability in the io_uring subsystem. The exploit includes both C and Rust implementations, with detailed instructions for adjusting kernel-specific offsets.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux Kernel with vulnerable io_uring implementation
No auth needed
Prerequisites: Vulnerable Linux kernel with CVE-2024-0582 · Access to io_uring subsystem · Ability to adjust kernel-specific offsets
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 4 stars
by 101010zyl · local
https://github.com/101010zyl/CVE-2024-0582-dataonly

This repository contains a functional data-only exploit for CVE-2024-0582, leveraging a use-after-free vulnerability in io_uring to modify file permissions and append a backdoor user to /etc/passwd. The exploit sprays file structures and manipulates memory to achieve local privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel with io_uring (specific versions affected by CVE-2024-0582)
No auth needed
Prerequisites: Linux system with vulnerable io_uring implementation · Ability to execute unprivileged code
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by nanabingies · local
https://github.com/nanabingies/CVE-2024-0582

This repository contains a functional exploit for CVE-2024-0582, a Use-After-Free vulnerability in the io_uring subsystem of the Linux kernel version 6.6.1. The exploit leverages message queue manipulation and pipe_buffer structures to achieve arbitrary read/write primitives, ultimately leading to privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel 6.6.1
No auth needed
Prerequisites: Linux kernel 6.6.1 with io_uring enabled · Ability to execute code on the target system
devstral-2 · analyzed May 15, 2026

github WORKING POC
by gum3t · cpoc
https://github.com/gum3t/cve_exploits/tree/main/CVE-2024-0582

This repository contains a functional exploit for CVE-2024-0582, leveraging a use-after-free (UAF) vulnerability in the Linux kernel's io_uring subsystem. The exploit manipulates file operations to achieve local privilege escalation (LPE) by modifying kernel structures.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel 6.5.3
No auth needed
Prerequisites: Linux kernel 6.5.3 · io_uring support · local access
devstral-2 · analyzed May 15, 2026

gitlab WORKING POC
by robbert1978 · poc
https://gitlab.com/robbert1978/cve-2024-0582

This repository contains a functional exploit for CVE-2024-0582, leveraging io_uring buffer registration to achieve local privilege escalation (LPE) by manipulating page table entries (PTE) and overwriting kernel memory. The exploit is designed to run in a QEMU environment with specific kernel configurations.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux Kernel (specific version not explicitly stated, but likely a recent kernel with io_uring support)
No auth needed
Prerequisites: io_uring support in the kernel · specific kernel configuration (e.g., KASLR disabled or bypassed) · QEMU environment with provided disk images
devstral-2 · analyzed Feb 23, 2026

nomisec WORKING POC
by pwnmonk · local
https://github.com/pwnmonk/io_uring-n-day

This repository contains a functional proof-of-concept exploit for CVE-2024-0582, a page-level use-after-free vulnerability in the Linux kernel's `io_uring` subsystem. The exploit includes kernel configuration, build scripts for a QEMU environment, and a C-based exploit that demonstrates privilege escalation.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel 6.6.2 with io_uring enabled
No auth needed
Prerequisites: Linux host with QEMU and liburing development headers · Specific kernel version (6.6.2) and configuration
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by 0ptyx · local
https://github.com/0ptyx/cve-2024-0582

This repository contains a functional proof-of-concept exploit for CVE-2024-0582, leveraging io_uring buffer ring manipulation to leak kernel memory addresses. The exploit demonstrates a memory corruption vulnerability in the Linux kernel's io_uring subsystem.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (specific version not specified)
No auth needed
Prerequisites: Linux kernel with io_uring support · Compilation environment with liburing
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0074
EPSS Percentile: 73.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

VulnCheck KEV: 2025-02-26
CWE: CWE-416
Status: published
Products (2):
  linux/linux_kernel 6.7 rc1 (3 CPE variants)
  linux/linux_kernel 6.4 - 6.6.5
Published: Jan 16, 2024
Tracked Since: Feb 18, 2026