Home

Awesome

Vault Range PoC

Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution! HardenedVault will share some of technical experience we gained during the daily work of building open source based security solution for platform/infrastructure, e.g: Linux kernel, firmware and cryptography engineering.

Any contributors are welcomed as well!

Proof of Concepts

Proof-of-concept/exploit code will be used to demonstrate the security vulnerabilities. Do not tweak them in the production.

Write-up

Exploit methods

VulnerabilityExploitation techniquesCan VED mitigate?
CVE-2021-22555Bypass CONFIG_SLAB_FREELIST_HARDENED/KASLR/SMAP + ROPYES
CVE-2021-22555++ with bypass TetragonYes
CVE-2021-22555++ with pipe-primitiveYes
CVE-2022-2639Random object to heap straying with pipe-primitiveYes
CVE-2022-34918Heap ***Yes
CVE-2022-0847Dirty PipeNo
AnySLUBStickPartially

Licence

All PoC/exploit in Vault Range PoC are under GPLv3. See LICENSE for further details.