perf event race condition PoC

This repository demonstrates that the race condition in perf events found by Ole (@firzen14) and reported to the Linux kernel security team is exploitable.
When the PoC succeeds, it gains multiple writable pages of use-after-free (UAF) kernel memory.

The patch for the bug can be found here.

The accompanying blog post can be found here.

Notes

This vulnerability is ordinarily only exploitable on real hardware, because software PMUs do not support aux buffers.
However, all major distributions mitigate the page corruption technique used in this PoC, so running it on your own machine will either crash the system or leave a lot of bad page entries in dmesg.

It is recommended to try this in a virtual machine with a modified mainline kernel that has been patched to enable aux buffers for software events.

Quick Start

Structure

The basic_linux_env directory contains:

The Makefile provides a make run target that assumes qemu-system-x86_64 is installed.
It runs qemu with the bzImage kernel and the initramfs.