
Questions about the exploitation of the CVE-2017-17053

Open. 0xdd96 opened this issue 3 years ago • 1 comment

Hello, I would like to ask you about the exploit of CVE-2017-17053.

I ran the exp for one night, but it still didn't stop, so I didn't analyze the exploit process through debugging.

I read the code of the exp and, compared to the PoC, the ccid_alloc function seems to play an important role. I guess it wants to reuse the ldt_struct structure by allocating sockets. But the size of ldt_struct is 0x10, and a heap chunk of size 0x40 will be allocated in sock_alloc, which seems to be unusable (maybe I got it wrong). In addition, I have not seen any operation that writes malicious data to the chunk, so I want to know how the control flow is hijacked.

In summary, for CVE-2017-17053, I would like to ask:

  1. When will the ldt_struct structure be reused?
  2. When is the control flow hijacked?

Looking forward to your answer, thank you!

0xdd96 (Jul 30 '21, 03:07)

I have no idea about your issue.

FJSEN (Sep 25 '21, 04:09)