CS179F, Operating Systems, Fall 2017
Professor Zhiyun Qian
Dec. 15, 2017
Angda Song, Qiwen Lyu
The vulnerability CVE-2017-7308 is a signed integer casting issue: the code does not properly validate the range of the cast value. The vulnerability may be exploited to perform out-of-bounds write operations on kernel memory. Out-of-bounds writes can be used to hijack kernel-mode function pointers and execute arbitrary code, which can lead to illegal privilege escalation under certain conditions and/or denial of service on all systems running Linux kernel versions prior to 4.10.6.
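The following is an added illustration of the bug class described above (a size check whose arithmetic wraps before the comparison is made), not code from the project report or from the Linux kernel. The helper names, the header size, the alignment and the sample values are all assumptions chosen for the example; the point is that the same check, written once in 32-bit arithmetic and once widened to 64 bits, accepts or rejects the same oversized input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Round x up to a multiple of a, using division so the result keeps the width of x. */
#define ALIGN_UP(x, a) ((((x) + (a) - 1) / (a)) * (a))

/* Hypothetical fixed per-frame header size (an assumption for this example). */
#define HEADER_BYTES 48u

/*
 * Vulnerable form: the overhead is computed in 32-bit arithmetic.
 * A very large priv_len makes HEADER_BYTES + priv_len wrap around to a
 * small number, so the comparison passes even though the real requirement
 * is far larger than block_size.
 */
static bool frame_fits_vulnerable(uint32_t block_size, uint32_t priv_len) {
    uint32_t needed = ALIGN_UP(HEADER_BYTES + priv_len, 16u); /* may wrap */
    return block_size > needed;
}

/*
 * Hardened form: widen the untrusted operand to 64 bits before any
 * arithmetic, so the sum cannot wrap and the comparison is meaningful.
 */
static bool frame_fits_fixed(uint32_t block_size, uint32_t priv_len) {
    uint64_t needed = ALIGN_UP(HEADER_BYTES + (uint64_t)priv_len, 16u);
    return (uint64_t)block_size > needed;
}

int main(void) {
    /* Constructed sample inputs: one ordinary request and one oversized one. */
    const uint32_t block = 4096u;
    const uint32_t sane_priv = 100u;
    const uint32_t huge_priv = 0xFFFFFFF0u; /* wraps 32-bit addition */

    printf("sane: vulnerable=%d fixed=%d\n",
           frame_fits_vulnerable(block, sane_priv), frame_fits_fixed(block, sane_priv));
    printf("huge: vulnerable=%d fixed=%d\n",
           frame_fits_vulnerable(block, huge_priv), frame_fits_fixed(block, huge_priv));
    return 0;
}
```

Running the program shows the two checks agree on the ordinary request and disagree on the oversized one: the 32-bit version reports that the frame fits, the widened version rejects it. The general lesson for reviewing range checks is to look at the type in which the arithmetic is evaluated, not only at the comparison itself.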
To exploit the vulnerability, we reverse engineered the proof-of-concept binary provided by the professor to analyze its runtime behavior with radare2, and we compiled Linux kernels 4.4.0-75 through 4.8.0-54 to study Kernel Address Space Layout Randomization. By the end of this project, we had successfully exploited several distros with different kernel versions.