Share
## https://sploitus.com/exploit?id=C128265F-2585-5C2C-B18F-CBE098C85298
# How to use this repo

This is a Linux Kernel Local Privilege Escalation PoC code for a use-after-free in skbuff.c : https://github.com/torvalds/linux/commit/98d0912e9f841e5529a5b89a972805f34cb1c69d

[vidieo1.webm](https://github.com/user-attachments/assets/203f5b92-dabb-4194-8dc1-a665fa5d8dd0)

here is the writeup link: https://hackmd.io/@mlc0cVjxSwqv0OoxsUYccw/Bk99YYTyzx 
***you need to turn on cloudfare warp or vpn to see writeup***

The large files (rootfs, vmlinux) are compressed and split into chunks. First run setup to restore them:
```bash
./setup.sh
```
You will need `zstd` for this.

Then run:
```bash
./run.sh
```

What `run.sh` does:
- Compiles the exploit code and copies the binary to `share/`
- Boots QEMU with the kernel
- When QEMU finishes booting, the `share/` folder is mounted at `~/exploit` inside the VM โ€” run the binary from there to get root

There are two PoC versions:
- `lts_poc` โ€” targets `lts-6.12.89`, built from the Google kernel CTF image with config adjusted to meet the exploit requirements
- `uek_poc` โ€” targets Oracle Linux UEK R8 (`6.12.0-202.76.4.2`), bzImage copied directly from the grub boot of a freshly installed Oracle Linux 10.1

To switch between kernels, see the commented lines at the top of `qemu_v3.sh`.