Kernel-hack-drill and exploiting CVE-2024-50264 in the Linux kernel
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and effort. CVE-2024-50264 in the Linux kernel is one such hard bug, which received the Pwnie Award 2025 as the Best Privilege Escalation. In this article, I introduce my personal project kernel-hack-drill and show how it helped me to exploit CVE-2024-50264.

The exploit performs a cross-allocator attack and overwrites a page table entry (PTE) to implement the Dirty Pagetable technique and gain local privilege escalation (LPE) on x86_64. In addition, the 4 attacker-controlled bytes written by the vsock UAF at offset 24 can flip pipe_buffer.flags, just as in Max Kellermann's original Dirty Pipe attack. Working on this hard race condition with multiple limitations allowed me to discover new exploitation techniques and to use and improve my pet project kernel-hack-drill, which provides a testing environment for Linux kernel security researchers.
