Kernel Root Exploit via a ptrace() and execve() Race Condition
Author: LiveOverflow
Uploaded: Jan 10, 2021
Views: 100,817
Let's have a look at a recent kernel local privilege escalation exploit!
Exploit Source: https://hxp.io/blog/79/hxp-CTF-2020-w...
Kernel Developer Walkthrough: • SerenityOS exploit analysis: HXP CTF ...
Syscalls, Kernel vs. User Mode and Linux Kernel Source Code: • Syscalls, Kernel vs. User Mode and Li...
How Do Linux Kernel Drivers Work? • How Do Linux Kernel Drivers Work? - L...
👕 T-Shirt Series: • My Life in Short/Shirt Stories (Decem...
00:00 - Introduction
00:15 - Exploit PoC
00:39 - main()
00:52 - prepare_shellcode()
02:39 - mmap() shared memory to signal "ready" state
03:07 - fork() into [child] and [parent]
03:44 - [parent] wait for the child
04:00 - [child] unveil() loop
05:03 - [parent] ptrace ATTACH and POKE child
05:58 - [child] execve("passwd")
06:38 - [parent] PEEK entrypoint of child in loop
07:34 - [parent] child entrypoint changes!
07:49 - Exploit Walkthrough
09:20 - Root Shell via Shellcode
10:10 - Vulnerability Summary
10:37 - Which UNIX-like Kernel is this?
12:44 - The importance for Security Research
13:59 - Next Video and Resources
14:22 - Patreon and YT Members
=[ 🐕 Social ]=
→ Website: https://liveoverflow.com/