Add kernelCTF CVE-2023-4622_cos (#81)

* Upload CVE-2023-4622_cos

* Fix offset issue

---------

Co-authored-by: Bing-Jhong Billy Jheng <[email protected]>

Author: st424204

pocs/linux/kernelctf/CVE-2023-4622_cos/docs/exploit.md

@@ -0,0 +1,14 @@
+- Requirements:
+    - Capabilites: NA
+    - Kernel configuration: CONFIG_UNIX=y
+    - User namespaces required: No
+- Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=869e7c62486e
+- Fixed by: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c
+- Affected Version: v4.2 - v6.4
+- Affected Component: af_unix
+- Syscall to disable: splice
+- URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4622
+- Cause: Use-After-Free
+- Description: A use-after-free vulnerability in the Linux kernel's af_unix. unix_stream_sendpage() tries to add data to the last skb in the peer's
+recv queue without locking the queue. So, there is a race where unix_stream_sendpage() could access an skb locklessly that is being
+released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.

pocs/linux/kernelctf/CVE-2023-4622_cos/docs/vulnerability.md

@@ -0,0 +1,12 @@
+exploit: poc root run.sh
+	tar czf ./poc.tar.gz poc root
+	cp run.sh exploit
+	fallocate -l 512 exploit
+	dd if=poc.tar.gz of=exploit conv=notrunc oflag=append
+
+poc: poc.c
+	gcc -o poc poc.c -static -pthread 
+root: root.c
+	gcc -o root root.c -static
+clean:
+	rm -rf poc root exploit poc.tar.gz