## https://sploitus.com/exploit?id=9BFB9FCB-0521-5C5D-88FE-342F716FCC9B
# CVE-2024-0582 Exploit (PoC)
This repository provides a Proof-of-Concept (PoC) exploit for **CVE-2024-0582**, featuring both **Dirty Cred** and **Dirty Pagetable** attack methods to gain root privilege.
## Description
- **Based on Google Project Zero’s PoC:** This exploits stands out from other PoCs on GitHub because it is heavily based on the PoC described in [a Google Project Zero](https://project-zero.issues.chromium.org/issues/42451653) issue.
- **Additional References:** This exploit drew upon insights from the [Exodus Intelligence blog post](https://blog.exodusintel.com/2024/03/27/mind-the-patch-gap-exploiting-an-io_uring-vulnerability-in-ubuntu/) and [ptrYudai's blog post](https://ptr-yudai.hatenablog.com/entry/2023/12/08/093606).
- **Bug Overview:** *CVE-2024-0582* is rooted in a flaw within the `io_uring` subsystem, allowing unintended access to freed memory pages.
### Current Exploit Method
1. **Dirty Cred**
- Uses an `io_uring` **register/unregister** sequence to trigger Page Use-After-Free.
- Grants write access to `/etc/passwd`.
- Injects a rogue user entry into `/etc/passwd`.
2. **Dirty Page Method**
- Uses an `io_uring` **register/unregister** sequence to trigger *Page Use-After-Free*.
- Gain write access to Page Table
- Injects shellcode to `pivot_root` syscall.
## Adjust the Offset Values
Before building, ensure that you have configured the correct offset values for each exploit. Refer to the documentation in:
- [Dirty Cred](dirty_cred/README.md#determining-the-correct-offset-values)
- [Dirty Pagetable](dirty_page_table/README.md#determining-the-correct-offset-values)
These offsets may vary depending on your kernel version and environment.
## Disclaimer
This repository and all its contents are for educational and research purposes only. Do not use this exploit on systems you do not own or have explicit permission to test. The author(s) assume no liability for any misuse or damage caused by this material.