
feature: out-of-bound write primitive and an exploit

Open d1sgr4c3 opened this issue 1 month ago • 0 comments

hello, @a13xp0p0v!

please have a look at these changes:

  1. module has been patched to make OOBW happen, drill_test updated as well to prevent heap corruption
  2. built a basic exploit
  3. and carefully repaired modprobe_path
  4. readme updated as well

also, the PoC can bypass these mitigations:

  • CONFIG_SLAB_MERGE_DEFAULT=n
  • CONFIG_SLAB_FREELIST_RANDOM=y
  • CONFIG_SLAB_FREELIST_HARDENED=y
  • CONFIG_SLAB_BUCKETS=y

d1sgr4c3 avatar Dec 14 '25 13:12 d1sgr4c3