# linux-kernel-exploits
**Repository Path**: wilinux/linux-kernel-exploits
## Basic Information
- **Project Name**: linux-kernel-exploits
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 5
- **Created**: 2020-09-17
- **Last Updated**: 2020-12-19
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
# linux-kernel-exploits
### 简介
linux-kernel-exploits
***
#### 漏洞列表
#### #CVE #Description #Kernels
- [CVE–2018–18955](./2018/CVE-2018-18955) [map_write() in kernel/user_namespace.c allows privilege escalation]
(Linux kernel 4.15.x through 4.19.x before 4.19.2)
- [CVE–2018–1000001](./2018/CVE–2018–1000001) [glibc]
(glibc <= 2.26)
- [CVE-2017-1000367](./2017/CVE-2017-1000367) [Sudo]
(Sudo 1.8.6p7 - 1.8.20)
- [CVE-2017-1000112](./2017/CVE-2017-1000112) [a memory corruption due to UFO to non-UFO path switch]
- [CVE-2017-16995](./2017/CVE-2017-16995) [Memory corruption caused by BPF verifier]
(Linux kernel before 4.14 - 4.4)
- [CVE-2017-16939](./2017/CVE-2017-16939) [UAF in Netlink socket subsystem – XFRM]
(Linux kernel before 4.13.11)
- [CVE-2017-7494](./2017/CVE-2017-7494) [Samba Remote execution]
(Samba 3.5.0-4.6.4/4.5.10/4.4.14)
- [CVE-2017-7308](./2017/CVE-2017-7308) [a signedness issue in AF\_PACKET sockets]
(Linux kernel through 4.10.6)
- [CVE-2017-6074](./2017/CVE-2017-6074) [a double-free in DCCP protocol]
(Linux kernel through 4.9.11)
- [CVE-2017-5123](./2017/CVE-2017-5123) ['waitid()']
(Kernel 4.14.0-rc4+)
- [CVE-2016-9793](./2016/CVE-2016-9793) [a signedness issue with SO\_SNDBUFFORCE and SO\_RCVBUFFORCE socket options]
(Linux kernel before 4.8.14)
- [CVE-2016-5195](./2016/CVE-2016-5195) [Dirty cow]
(Linux kernel>2.6.22 (released in 2007))
- [CVE-2016-2384](./2016/CVE-2016-2384) [a double-free in USB MIDI driver]
(Linux kernel before 4.5)
- [CVE-2016-0728](./2016/CVE-2016-0728) [pp_key]
(3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)
- [CVE-2015-7547](./2015/CVE-2015-7547) [glibc getaddrinfo]
(before Glibc 2.9)
- [CVE-2015-1328](./2015/CVE-2015-1328) [overlayfs]
(3.13, 3.16.0, 3.19.0)
- [CVE-2014-5284](./2014/CVE-2014-5284) [OSSEC]
(2.8)
- [CVE-2014-4699](./2014/CVE-2014-4699) [ptrace]
(before 3.15.4)
- [CVE-2014-4014](./2014/CVE-2014-4014) [Local Privilege Escalation]
(before 3.14.8)
- [CVE-2014-3153](./2014/CVE-2014-3153) [futex]
(3.3.5 ,3.3.4 ,3.3.2 ,3.2.13 ,3.2.9 ,3.2.1 ,3.1.8 ,3.0.5 ,3.0.4 ,3.0.2 ,3.0.1 ,2.6.39 ,2.6.38 ,2.6.37 ,2.6.35 ,2.6.34 ,2.6.33 ,2.6.32 ,2.6.9 ,2.6.8 ,2.6.7 ,2.6.6 ,2.6.5 ,2.6.4 ,3.2.2 ,3.0.18 ,3.0 ,2.6.8.1)
- [CVE-2014-0196](./2014/CVE-2014-0196) [rawmodePTY]
(2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.14, 3.15)
- [CVE-2014-0038](./2014/CVE-2014-0038) [timeoutpwn]
(3.4, 3.5, 3.6, 3.7, 3.8, 3.8.9, 3.9, 3.10, 3.11, 3.12, 3.13, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.8.5, 3.8.6, 3.8.9, 3.9.0, 3.9.6, 3.10.0, 3.10.6, 3.11.0, 3.12.0, 3.13.0, 3.13.1)
- [CVE-2013-2094](./2013/CVE-2013-2094) [perf_swevent]
(3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.5, 3.6, 3.7, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9)
- [CVE-2013-1858](./2013/CVE-2013-1858) [clown-newuser]
(3.3-3.8)
- [CVE-2013-1763](./2013/CVE-2013-1763) [__sock_diag_rcv_msg]
(before 3.8.3)
- [CVE-2013-0268](./2013/CVE-2013-0268) [msr]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36, 2.6.37, 2.6.38, 2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7.0, 3.7.6)
- [CVE-2012-3524](./2012/CVE-2012-3524) [libdbus]
(libdbus 1.5.x and earlier)
- [CVE-2012-0056](./2012/CVE-2012-0056) [memodipper]
(2.6.39, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0)
- [CVE-2010-4347](./2010/CVE-2010-4347) [american-sign-language]
( 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
- [CVE-2010-4258](./2010/CVE-2010-4258) [full-nelson]
(2.6.31, 2.6.32, 2.6.35, 2.6.37)
- [CVE-2010-4073](./2010/CVE-2010-4073) [half_nelson]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
- [CVE-2010-3904](./2010/CVE-2010-3904) [rds]
(2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
- [CVE-2010-3437](./2010/CVE-2010-3437) [pktcdvd]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
- [CVE-2010-3301](./2010/CVE-2010-3301) [ptrace_kmod2]
(2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)
- [CVE-2010-3081](./2010/CVE-2010-3081) [video4linux]
(2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33)
- [CVE-2010-2959](./2010/CVE-2010-2959) [can_bcm]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34, 2.6.35, 2.6.36)
- [CVE-2010-1146](./2010/CVE-2010-1146) [reiserfs]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31, 2.6.32, 2.6.33, 2.6.34)
- [CVE-2010-0415](./2010/CVE-2010-0415) [do_pages_move]
(2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)
- [CVE-2009-3547](./2009/CVE-2009-3547) [pipe.c_32bit]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30, 2.6.31)
- [CVE-2009-2698](./2009/CVE-2009-2698) [udp_sendmsg_32bit]
(2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19)
- [CVE-2009-2692](./2009/CVE-2009-2692) [sock_sendpage]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)
- [CVE-2009-2692](./2009/CVE-2009-2692) [sock_sendpage2]
(2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.31, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29, 2.6.30)
- [CVE-2009-1337](./2009/CVE-2009-1337) [exit_notify]
(2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)
- [CVE-2009-1185](./2009/CVE-2009-1185) [udev]
(2.6.25, 2.6.26, 2.6.27, 2.6.28, 2.6.29)
- [CVE-2008-4210](./2008/CVE-2008-4210) [ftrex]
(2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22)
- [CVE-2008-0600](./2008/CVE-2008-0600) [vmsplice2]
(2.6.23, 2.6.24)
- [CVE-2008-0600](./2008/CVE-2008-0600) [vmsplice1]
(2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.6.22, 2.6.23, 2.6.24, 2.6.24.1)
- [CVE-2006-3626](./2006/CVE-2006-3626) [h00lyshit]
(2.6.8, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16)
- [CVE-2006-2451](./2006/CVE-2006-2451) [raptor_prctl]
(2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17)
- [CVE-2005-0736](./2005/CVE-2005-0736) [krad3]
(2.6.5, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11)
- [CVE-2005-1263](./2005/CVE-2005-1263) [binfmt_elf.c]
(Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4)
- [CVE-2004-1235](./2004/CVE-2004-1235) [elflbl]
(2.4.29)
- [CVE-N/A](./2004/caps_to_root) [caps_to_root]
(2.6.34, 2.6.35, 2.6.36)
- [CVE-2004-0077](./2004/CVE-2004-0077) [mremap_pte]
(2.4.20, 2.2.24, 2.4.25, 2.4.26, 2.4.27)
### 工具
- [Linux_Exploit_Suggester](https://github.com/PenturaLabs/Linux_Exploit_Suggester) [@PenturaLabs](https://github.com/PenturaLabs/Linux_Exploit_Suggester)
- [mzet-/linux-exploit-suggester](https://github.com/mzet-/linux-exploit-suggester)
- [jondonas/linux-exploit-suggester-2](https://github.com/jondonas/linux-exploit-suggester-2/blob/master/linux-exploit-suggester-2.pl)
- [spencerdodd/kernelpop](https://github.com/spencerdodd/kernelpop)
### 项目维护
+ **ourren**(sina weibo @ourren)
+ **hx**(sina weibo @hx)
+ **CaledoniaProject**(github @CaledoniaProject)
### 免责说明
请勿用于非法的用途,否则造成的严重后果与本项目无关。
### 参考链接
- [kernel exploits](https://www.kernel-exploits.com/)
- [Unix-Privilege-Escalation-Exploits-Pack](https://github.com/Kabot/Unix-Privilege-Escalation-Exploits-Pack/)
- [A bunch of proof-of-concept exploits for the Linux kernel](https://github.com/xairy/kernel-exploits)
- [kernel-exploits](https://github.com/lucyoa/kernel-exploits)
### 转载
转载请注明来自https://github.com/SecWiki/linux-kernel-exploits
### 补充完善
欢迎大家帮助补充完善 [git_man@outlook.com](git_man@outlook.com)
©SecWiki 2017