security-research

CVE-2023-2163: Path pruning gone wrong

This Proof-Of-Concept demonstrates the exploitation of CVE-2023-2163.

Technical details

A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to LPE and Container escape.

Usage

$ make
$ ./exploit

Credits

Juan Jose Lopez Jaimez (@thatjiaozi) Meador Inge (@meadori) Simon Scannell (@scannell_simon) Valentina Palmiotti (@chompie1337)